formbook | de53adf60004bf3b4ba4129f661a5d17afe580ce7210184cd938d185ce595fd5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Yglwulsvxiiswr_1.zip
Size

472KB
Sample

231004-l1m5lsag7w
MD5

d705674dc64e2a9f8dd53c1d25d4d879
SHA1

56b83168ed85340df5188e70b2d2f71fc6f93d18
SHA256

de53adf60004bf3b4ba4129f661a5d17afe580ce7210184cd938d185ce595fd5
SHA512

33453ee6be2570cabdd16bb8e4e5326c971c7da88d9e5ad17c26f8f7185d07377874717b30528153cea75dbf86a0eb6f6b6fd611e5d02c511fe4224997a52156
SSDEEP

12288:qaNMV1MUoHvA6VhP9OFZhpc88H6evk1GftzW4Vl4qusVrEuJkV:1I1EvAc9gjc8je81GpW4vCsVr5JkV

Score

10^/10

formbook modiloader fadc persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fadc

Decoy

protechdream.com

faireco.life

bakrinhome.com

bustygirl.xyz

kbif.info

ningo.bond

hollywoodcircleevents.site

eapv-uabjo.com

852bets.com

nooption.online

global-strategy.pro

cartaonline.online

sacredbones2023.com

barsandbands.fun

liftchairs-info-mx.today

delamar.one

shuntianyuan.net

americanworldsolutions.com

julitv.net

criativax.com

Targets

- Target
  
  Yglwulsvxiiswr.exe
- Size
  
  1.1MB
- MD5
  
  7f11fbaa2959fa9da839e42e2e52619a
- SHA1
  
  06b5a1c77c5965950b2b2cccfad6bad9b7579d53
- SHA256
  
  ac00251b8ba5b7bd219bb23bb5134a11f1215d19aaa0915e5a00d7906906b19a
- SHA512
  
  92f67ba06e05949870c7aa5f4144125a466d8ea604b116729133a18b287c3d44e584b0091543e04bc8f0fc399754f4a723d08522484390bf2a626cab275421b1
- SSDEEP
  
  24576:1RxK0h0gJ+HYS9XsILx0P83H5M8OG31WYm3:1RN+Hm3
Score

10^/10

modiloader trojan formbook fadc persistence rat spyware stealer
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook payload
  rat
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

formbookmodiloaderfadcpersistenceratspywarestealertrojan