formbook | 0126229f8705c7f0f5af5313b7e8d7fcf95491eaa70c85aa89b88fd403a7fa11 | Triage

Submit
Reports

Overview

overview

Static

static

3

Ylvjcujvcjtsqv.exe

windows10-2004-x64

Sharing

General

Target

7e96df222cde2eabac8574842a96f094.zip
Size

1.9MB
Sample

231130-dxcwgafc74
MD5

c6701cc9e922ad97efaf95dff47d8b33
SHA1

baa75a03e9382988e862eb14608f08110d0ff23a
SHA256

0126229f8705c7f0f5af5313b7e8d7fcf95491eaa70c85aa89b88fd403a7fa11
SHA512

eb44b03566010fcf36e52b5e137e09bcaaa050715e40c16fa400d896becd075be268bbf956bda3c558ba91438cdff7dd1173250c5f5a58fce1b6d9a8c8289092
SSDEEP

49152:RiKEuF/QsahoyP8Vt6VUOGYugGqF41spS62E:OuF/hah+t6VU9Lk

Score

10^/10

formbook modiloader ao65 persistence rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Ylvjcujvcjtsqv.exe

Resource

win10v2004-20231127-en

formbook modiloader ao65 persistence rat spyware stealer trojan

windows10-2004-x64

20 signatures

1200 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ao65

Decoy

spins2023.pro

foodontario.com

jsnmz.com

canwealljustagree.com

shopthedivine.store

thelakahealth.com

kuis-raja-borong.website

hbqc2.com

optimusvisionlb.com

urdulatest.com

akhayarplus.com

info-antai-service.com

kermisbedrijfkramer.online

epansion.com

gxqingmeng.top

maltsky.net

ictwath.com

sharmafootcare.com

mycheese.net

portfoliotestkitchen.com

gwhi13.cfd

fuzzybraintrivia.com

thnkotb.com

merchdojacat.com

1techtrendzstore.com

cnkclaw.net

xsslm888.com

musecheng.net

flowandfield.online

somdevista.com

baissm.top

xn--88-uqi1dtk.com

cewra.com

stellarskyline.com

mbutunerfitness.com

ssongg13916.cfd

sprockettrucking.com

boonts.cfd

oaistetic.com

enfejbazi1sjrttrsjegfwafe.click

you-can-too.com

chamdiemcchc.com

mrgdistilling.info

yptv1.com

ecofare.xyz

ouxodb001.cfd

sdymavillageculturehouse.com

carbolife.net

iokgw1.top

harmonicod.com

bbpinata.com

grfngr.design

colibriinvest.com

infossphere.space

glistenbeautylounge.com

paysprinters.online

ruhaniiyat.com

leathfortexas.com

tuesdayfolder.com

autoinsurancebound.com

scwanguan.fun

darkcreamslivki.xyz

0qtqg.com

ycth3hhtkd.asia

hivaom.top

Targets

- Target
  
  Ylvjcujvcjtsqv.exe
- Size
  
  2.8MB
- MD5
  
  9036abae6529a51f5d50825d88dc95a4
- SHA1
  
  5c10c6dc6146db9f545dd1e8fbac70fe2c333a8a
- SHA256
  
  1117ea5185a8c16dbc9af96cbb580f5ac55a5f4bc0963e149c83a6c9c35dba7a
- SHA512
  
  d9a9ce7096cc24985e8f2731e67e57abf7f24ea5213051b15a7951731db263f7a741b955fa672157c46d9e69ef5df614148b95ffbff246f7999df610be854c47
- SSDEEP
  
  49152:Xm/PpH8yc0/wU2lpe63ZrxKrVEbRIqiPt41uFehg1mQzZ:XOpcyV/wjpdZrxEVEtI14wqnY
Score

10^/10

formbook modiloader ao65 persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook payload
  rat
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

formbookmodiloaderao65persistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy