formbook

General

Target

cf239505512eadbb67efd822f3b684da.exe
Size

1.1MB
Sample

230711-pcc7aagh26
MD5

cf239505512eadbb67efd822f3b684da
SHA1

3d661914d405692080aaf980c91b4a01a49f6304
SHA256

3df8c09e0234f26d46f193fe7f83f17ce5c0eb0d158a95904a8a07400728dd0a
SHA512

9daf2e52da964424bd35a0e66980b5f5ff4fa3e4cfd599d744e54afb08af9dd0084e4d406f90d25a7cfc94002997dc9484ebe7522505575934b4a6fef2ffc6c8
SSDEEP

12288:6jPvA1qLETL9Vu4StmmYLz11DFJ72LkzLS5T5ZG9yuT7CcnhlOd0QAl9ChIhJf/L:6jPvNLAgChLURZa3T7CcHTf+pbZpbaG

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t3c9

Decoy

shadeshmarriagemedia.com

e-russ.com

sofiashome.com

theworriedwell.com

americantechfront.com

seasonssparkling.com

maximuscanada.net

tifin-private-markets.com

amecc2.net

xuexi22.icu

injectiontek.com

enrrocastoneimports.com

marvelouslightcandleco.com

eaamedia.com

pmediaerp.com

tikivips111.com

chesterfieldcleaningcare.com

thecrowdedtablemusic.com

duncanvillepanthers.com

floriculturajoinville.xyz

Targets

- Target
  
  cf239505512eadbb67efd822f3b684da.exe
- Size
  
  1.1MB
- MD5
  
  cf239505512eadbb67efd822f3b684da
- SHA1
  
  3d661914d405692080aaf980c91b4a01a49f6304
- SHA256
  
  3df8c09e0234f26d46f193fe7f83f17ce5c0eb0d158a95904a8a07400728dd0a
- SHA512
  
  9daf2e52da964424bd35a0e66980b5f5ff4fa3e4cfd599d744e54afb08af9dd0084e4d406f90d25a7cfc94002997dc9484ebe7522505575934b4a6fef2ffc6c8
- SSDEEP
  
  12288:6jPvA1qLETL9Vu4StmmYLz11DFJ72LkzLS5T5ZG9yuT7CcnhlOd0QAl9ChIhJf/L:6jPvNLAgChLURZa3T7CcHTf+pbZpbaG
Score

10^/10

modiloader trojan formbook t3c9 persistence rat spyware stealer
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook payload
  rat
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Formbook payload

ModiLoader Second Stage

Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2