formbook | 66c7d769249d9da750ff736b447f0573c7cd5432a680e3a72d09bc1e238e83d1 | Triage

Sharing

General

Target

Order confirmation, Invoice.exe
Size

1.8MB
Sample

231122-vhy9ladg45
MD5

08be0b23f7706fcfddf96ae258a67249
SHA1

54b9491995dda5b4849c5f10afc53175e0f67bd9
SHA256

66c7d769249d9da750ff736b447f0573c7cd5432a680e3a72d09bc1e238e83d1
SHA512

716a7751942e38f097c881bed9e6389043ed6360ca3f1dd65dd7ae644f6967ecaa9a9445295c31ac9d7e58ec316672d6b1c3b165a0473c8da2b276dfb2239a44
SSDEEP

49152:aD4+yRMXpcOX8IxTqh0eJa3DZEe9sRuCVCW4FMyqChsyfue9T:aDqRMXpcOXX8Za31CuCchMXC+yf

Score

10^/10

formbook modiloader ao65 persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ao65

Decoy

spins2023.pro

foodontario.com

jsnmz.com

canwealljustagree.com

shopthedivine.store

thelakahealth.com

kuis-raja-borong.website

hbqc2.com

optimusvisionlb.com

urdulatest.com

akhayarplus.com

info-antai-service.com

kermisbedrijfkramer.online

epansion.com

gxqingmeng.top

maltsky.net

ictwath.com

sharmafootcare.com

mycheese.net

portfoliotestkitchen.com

Targets

- Target
  
  Order confirmation, Invoice.exe
- Size
  
  1.8MB
- MD5
  
  08be0b23f7706fcfddf96ae258a67249
- SHA1
  
  54b9491995dda5b4849c5f10afc53175e0f67bd9
- SHA256
  
  66c7d769249d9da750ff736b447f0573c7cd5432a680e3a72d09bc1e238e83d1
- SHA512
  
  716a7751942e38f097c881bed9e6389043ed6360ca3f1dd65dd7ae644f6967ecaa9a9445295c31ac9d7e58ec316672d6b1c3b165a0473c8da2b276dfb2239a44
- SSDEEP
  
  49152:aD4+yRMXpcOX8IxTqh0eJa3DZEe9sRuCVCW4FMyqChsyfue9T:aDqRMXpcOXX8Za31CuCchMXC+yf
Score

10^/10

modiloader trojan formbook ao65 persistence rat spyware stealer
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook payload
  rat
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

formbookmodiloaderao65persistenceratspywarestealertrojan