General

  • Target

    ecc3d188c07059b0938f71d2897fb0e2.exe

  • Size

    1.2MB

  • Sample

    230608-m9c7faef64

  • MD5

    ecc3d188c07059b0938f71d2897fb0e2

  • SHA1

    818243a6acd3ea9db962dde68ddab8babe911c46

  • SHA256

    949ea89d7f493bd6476da1ea5923da51a93d36c8051c7802c3eee2a71bd9f451

  • SHA512

    46c7c1130d8997dfafbed6ba1fbb70cdc64797f191bb1f3caa503e525b9460b858b6f894111d871831166703493c14a5f3eb09209f147f3a521494d45a6eef67

  • SSDEEP

    24576:xcUMsJkI/T/O7N/Rzor3Iu0aMp/7YcTgXkV5GE9o:xcEaWOhZor3Iux+zVTJ5k

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t3c9

Decoy

shadeshmarriagemedia.com

e-russ.com

sofiashome.com

theworriedwell.com

americantechfront.com

seasonssparkling.com

maximuscanada.net

tifin-private-markets.com

amecc2.net

xuexi22.icu

injectiontek.com

enrrocastoneimports.com

marvelouslightcandleco.com

eaamedia.com

pmediaerp.com

tikivips111.com

chesterfieldcleaningcare.com

thecrowdedtablemusic.com

duncanvillepanthers.com

floriculturajoinville.xyz

Targets

    • Target

      ecc3d188c07059b0938f71d2897fb0e2.exe

    • Size

      1.2MB

    • MD5

      ecc3d188c07059b0938f71d2897fb0e2

    • SHA1

      818243a6acd3ea9db962dde68ddab8babe911c46

    • SHA256

      949ea89d7f493bd6476da1ea5923da51a93d36c8051c7802c3eee2a71bd9f451

    • SHA512

      46c7c1130d8997dfafbed6ba1fbb70cdc64797f191bb1f3caa503e525b9460b858b6f894111d871831166703493c14a5f3eb09209f147f3a521494d45a6eef67

    • SSDEEP

      24576:xcUMsJkI/T/O7N/Rzor3Iu0aMp/7YcTgXkV5GE9o:xcEaWOhZor3Iux+zVTJ5k

    • Formbook

      Formbook is a data-stealing malware family (an infostealer).

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Formbook payload

    • ModiLoader Second Stage

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                       Count  ID
  Execution           Command-Line Interface          1      T1059
  Defense Evasion     Modify Registry                 1      T1112
  Credential Access   Credentials in Files            1      T1081
  Discovery           System Information Discovery    1      T1082
  Collection          Data from Local System          1      T1005

Tasks