formbook

General

Target

53506f1598a87e624f80a10d0b9db99790fe3252ae647c334d1957ef0d07721d
Size

746KB
Sample

230707-jy32yafg98
MD5

ef6def73818ea13b53861bd8a9f8b864
SHA1

8336b65aef30e0e1ea91c534fa430f128a910a2e
SHA256

53506f1598a87e624f80a10d0b9db99790fe3252ae647c334d1957ef0d07721d
SHA512

bd9b6a3470d97ea8b47d9057ceb593059102c5304952595294b199228ef4566016e554862543d3e3b21d90efe3f251b56065f8228a9983a79de27dc08a8f29a3
SSDEEP

12288:3GR+Vd0ckynvLwdJgNsycuL573BhZWPNFWrsEL09pmHtJNNW/8kUPQ:3GAVk4Mwom77WGrs9StJNSUP

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t3c9

Decoy

shadeshmarriagemedia.com

e-russ.com

sofiashome.com

theworriedwell.com

americantechfront.com

seasonssparkling.com

maximuscanada.net

tifin-private-markets.com

amecc2.net

xuexi22.icu

injectiontek.com

enrrocastoneimports.com

marvelouslightcandleco.com

eaamedia.com

pmediaerp.com

tikivips111.com

chesterfieldcleaningcare.com

thecrowdedtablemusic.com

duncanvillepanthers.com

floriculturajoinville.xyz

Targets

- Target
  
  53506f1598a87e624f80a10d0b9db99790fe3252ae647c334d1957ef0d07721d
- Size
  
  746KB
- MD5
  
  ef6def73818ea13b53861bd8a9f8b864
- SHA1
  
  8336b65aef30e0e1ea91c534fa430f128a910a2e
- SHA256
  
  53506f1598a87e624f80a10d0b9db99790fe3252ae647c334d1957ef0d07721d
- SHA512
  
  bd9b6a3470d97ea8b47d9057ceb593059102c5304952595294b199228ef4566016e554862543d3e3b21d90efe3f251b56065f8228a9983a79de27dc08a8f29a3
- SSDEEP
  
  12288:3GR+Vd0ckynvLwdJgNsycuL573BhZWPNFWrsEL09pmHtJNNW/8kUPQ:3GAVk4Mwom77WGrs9StJNSUP
Score

10^/10

modiloader trojan formbook t3c9 persistence rat spyware stealer
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook payload
  rat
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Formbook payload

ModiLoader Second Stage

Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2