formbook | 81d5bdb550292a188ea1fbc1890aa730019275427b64620e1d115f376abbdd64 | Triage

Submit
Reports

Overview

overview

Static

static

3

U prilogu ...un.exe

windows7-x64

U prilogu ...un.exe

windows10-2004-x64

Sharing

General

Target

U prilogu je predracun.zip
Size

410KB
Sample

230613-l3yzwsgb9t
MD5

78e90907c1b3e61739af2e60854d65fb
SHA1

a7901407a0483b8e07cf1e9cc885c9830c9560af
SHA256

81d5bdb550292a188ea1fbc1890aa730019275427b64620e1d115f376abbdd64
SHA512

47cee76ca57db8ce2b58f6b25c3cb742bc5eecec155cfecfd5022c99185a1dc203c1414564a34719e53840246166c6713f6f3d6f61c62d9c9a3025b381ece248
SSDEEP

12288:TufsMyApdI4BooXvJ51KazfRpAUf/zSic9/w93X6xW0io60m/W:TmIKJfJXXzf4WzSxw93qxCoT

Score

10^/10

formbook modiloader xloader uj3c loader persistence rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

U prilogu je predracun.exe

Resource

win7-20230220-en

modiloader trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

U prilogu je predracun.exe

Resource

win10v2004-20230220-en

formbook modiloader xloader uj3c loader persistence rat spyware stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

uj3c

Decoy

copimetro.com

choonchain.com

luxxwireless.com

fashionweekofcincinnati.com

campingshare.net

suncochina.com

kidsfundoor.com

testingnyc.co

lovesoe.com

vehiclesbeenrecord.com

socialpearmarketing.com

maxproductdji.com

getallarticle.online

forummind.com

arenamarenostrum.com

trisuaka.xyz

designgamagazine.com

chateaulehotel.com

huangse5.com

esginvestment.tech

intercontinentalship.com

moneytaoism.com

agardenfortwo.com

trendiddas.com

fjuoomw.xyz

dantvilla.com

shopwithtrooperdavecom.com

lanwenzong.com

xpertsrealty.com

gamelabsmash.com

nomaxdic.com

chillyracing.com

mypleasure-blog.com

projectkyla.com

florurbana.com

oneplacemexico.com

gografic.com

giantht.com

dotombori-base.com

westlifinance.online

maacsecurity.com

lydas.info

instapandas.com

labustiadepaper.net

unglue52.com

onurnet.net

wellkept.info

6111.site

platinumroofingsusa.com

bodyplex.fitness

empireapothecary.com

meigsbuilds.online

garygrover.com

nicholasnikas.com

yd9992.com

protections-clients.info

sueyhzx.com

naturathome.info

superinformatico.net

printsgarden.com

xn--qn1b03fy2b841b.com

preferable.info

ozzyconstructionma.com

10stopp.online

nutricognition.com

Targets

- Target
  
  U prilogu je predracun.exe
- Size
  
  826KB
- MD5
  
  b7f605030c86e9c698e70b04cbf7b861
- SHA1
  
  58f050c40ee2f597663dbf4e204c9480baeb415f
- SHA256
  
  7382318f5904040997bf14967bce3df6b323bf03901976df75a9b0e822dc5db8
- SHA512
  
  02401799637431ba8952a64ecc42b1c5b70d8b967520c137959ff4a7829e4a34742402363685a1c45d1f3a0c4225f5024eed84d90439625777e927bf9dc268c9
- SSDEEP
  
  12288:RElktyzweXm40fStl4/ukRiZLTJ3r1XmXmF8KMrFiojZV:R0NweXJj4mk4TLmX48KMrFioj
Score

10^/10

modiloader trojan formbook xloader uj3c loader persistence rat spyware stealer
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ModiLoader Second Stage
- Xloader payload
  rat
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

formbookmodiloaderxloaderuj3cloaderpersistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy