formbook | 4cf0ae4fba8592a825b19eac5fa68be43ece8a2603177a006f9927e91898661f | Triage

Submit
Reports

Overview

overview

Static

static

3

edilmis faktura.exe

windows7-x64

edilmis faktura.exe

windows10-2004-x64

Sharing

General

Target

edilmis faktura.bin.zip
Size

430KB
Sample

230613-jjwpbafd74
MD5

b9630b4a1b9c906fee41b8d27175dcdb
SHA1

f2ff510e5c69e45372030ebb767ff9e376578cf7
SHA256

4cf0ae4fba8592a825b19eac5fa68be43ece8a2603177a006f9927e91898661f
SHA512

29085ba372edb3a9b5be07dce946c089574dd6a8ad25a41d2ee00cfeef57ebce473c0fe6dc17db8b33dc95f24251d8eb2107d59e785cccb979d6bdb28b3484c5
SSDEEP

12288:Xf8s4n8EFCYz1MrQ8K6IRl+GHPHw2EJibLKO:X0s4n8EFJz1V8KZpHP3EJgLKO

Score

10^/10

formbook modiloader xloader uj3c loader persistence rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

edilmis faktura.exe

Resource

win7-20230220-en

modiloader trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

edilmis faktura.exe

Resource

win10v2004-20230220-en

formbook modiloader xloader uj3c loader persistence rat spyware stealer trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

uj3c

Decoy

copimetro.com

choonchain.com

luxxwireless.com

fashionweekofcincinnati.com

campingshare.net

suncochina.com

kidsfundoor.com

testingnyc.co

lovesoe.com

vehiclesbeenrecord.com

socialpearmarketing.com

maxproductdji.com

getallarticle.online

forummind.com

arenamarenostrum.com

trisuaka.xyz

designgamagazine.com

chateaulehotel.com

huangse5.com

esginvestment.tech

intercontinentalship.com

moneytaoism.com

agardenfortwo.com

trendiddas.com

fjuoomw.xyz

dantvilla.com

shopwithtrooperdavecom.com

lanwenzong.com

xpertsrealty.com

gamelabsmash.com

nomaxdic.com

chillyracing.com

mypleasure-blog.com

projectkyla.com

florurbana.com

oneplacemexico.com

gografic.com

giantht.com

dotombori-base.com

westlifinance.online

maacsecurity.com

lydas.info

instapandas.com

labustiadepaper.net

unglue52.com

onurnet.net

wellkept.info

6111.site

platinumroofingsusa.com

bodyplex.fitness

empireapothecary.com

meigsbuilds.online

garygrover.com

nicholasnikas.com

yd9992.com

protections-clients.info

sueyhzx.com

naturathome.info

superinformatico.net

printsgarden.com

xn--qn1b03fy2b841b.com

preferable.info

ozzyconstructionma.com

10stopp.online

nutricognition.com

Targets

- Target
  
  edilmis faktura.bin
- Size
  
  891KB
- MD5
  
  9c303dcfbfcc682bff7691077a6d4e33
- SHA1
  
  bf14c13c30daaa9662146e177644836ca575df5f
- SHA256
  
  914a0ac7bbb378376682002e924a876274aa79ec2aa8d8a2c411b31d0ff48244
- SHA512
  
  72d48ad1f9af4fd786147ee3f3c7b6de3873e6e452a082221d4dcc98c7a460f4ca8faa7264948d585e7eececf18412f351465a94eaa3a31c5169c56e628fd8f5
- SSDEEP
  
  24576:DqdXPn4tl29UFPWmKoyk4TLmgvky46i95nwka8:DqdfXUFPjKoNw714B
Score

10^/10

modiloader trojan formbook xloader uj3c loader persistence rat spyware stealer
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ModiLoader Second Stage
- Xloader payload
  rat
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

formbookmodiloaderxloaderuj3cloaderpersistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy