formbook

General

Target

d5b181be63ce08ec89eb7db52735a626.exe
Size

841KB
Sample

230513-2rqgdabh9w
MD5

d5b181be63ce08ec89eb7db52735a626
SHA1

c33df2f9fcd1e2b961f990bbbd819fff218c0a20
SHA256

fcc333cc2afdf31c58e273f1ffe429fa7a765479582f9508867517c23d51a9f4
SHA512

1cb6bb49cf683f66c7a631131797b7c6ebe9d041dd9285368ec8817c8725e88d63d6a095cc915f3dc84bf63858e73ec44318ee25d452ece5ef7759cd448071ff
SSDEEP

12288:werZScSZpW3BcOfqg1EM50Pbkttml53kbXJ2zl:woUZpW3S2gKIsbZ2h

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ges9

Decoy

lolofestival.store

amzin.info

pulsahokii.xyz

bahiszirve.com

animekoe.com

kansastaxaccountant.net

howgoodisgod.online

medakaravan.xyz

pesmagazine.net

americanpopulist.info

nepalihandicraft.com

mariabakermodeling.com

cavify.top

onlinewoonboulevard.com

furniture-22830.com

ophthalmicpersonneltraining.us

yz1204.com

extrawhite.site

tomo.store

martfind.online

Targets

- Target
  
  d5b181be63ce08ec89eb7db52735a626.exe
- Size
  
  841KB
- MD5
  
  d5b181be63ce08ec89eb7db52735a626
- SHA1
  
  c33df2f9fcd1e2b961f990bbbd819fff218c0a20
- SHA256
  
  fcc333cc2afdf31c58e273f1ffe429fa7a765479582f9508867517c23d51a9f4
- SHA512
  
  1cb6bb49cf683f66c7a631131797b7c6ebe9d041dd9285368ec8817c8725e88d63d6a095cc915f3dc84bf63858e73ec44318ee25d452ece5ef7759cd448071ff
- SSDEEP
  
  12288:werZScSZpW3BcOfqg1EM50Pbkttml53kbXJ2zl:woUZpW3S2gKIsbZ2h
Score

10^/10

modiloader trojan formbook ges9 persistence rat spyware stealer
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook payload
  rat
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Formbook payload

ModiLoader Second Stage

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2