formbook | 7385e28efaddf884f97be5ac178a05d5c6e523a616ba20980121005428fe3765 | Triage

Sharing

General

Target

534353667789.exe
Size

1.0MB
Sample

231211-nl85msddak
MD5

04c891b9979e4852e90c8c061473058c
SHA1

ab22fb90604c58e206bc3bc0c33c0b5768db6fcf
SHA256

7385e28efaddf884f97be5ac178a05d5c6e523a616ba20980121005428fe3765
SHA512

92f7168e7eed554938e5eb9027418734ac8898db2bada777aebc3b58e606a9bfc90cbf1234d98defe15445d9c7e5907878eaf6f1754378144b456b6c7766643e
SSDEEP

24576:0it4uJtHL/PkgSAq5dRHBez6oONXEef2sS5OnYi:0iWiH7P85fsz6oM2mn/

Score

10^/10

formbook modiloader ao65 persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ao65

Decoy

spins2023.pro

foodontario.com

jsnmz.com

canwealljustagree.com

shopthedivine.store

thelakahealth.com

kuis-raja-borong.website

hbqc2.com

optimusvisionlb.com

urdulatest.com

akhayarplus.com

info-antai-service.com

kermisbedrijfkramer.online

epansion.com

gxqingmeng.top

maltsky.net

ictwath.com

sharmafootcare.com

mycheese.net

portfoliotestkitchen.com

Targets

- Target
  
  534353667789.exe
- Size
  
  1.0MB
- MD5
  
  04c891b9979e4852e90c8c061473058c
- SHA1
  
  ab22fb90604c58e206bc3bc0c33c0b5768db6fcf
- SHA256
  
  7385e28efaddf884f97be5ac178a05d5c6e523a616ba20980121005428fe3765
- SHA512
  
  92f7168e7eed554938e5eb9027418734ac8898db2bada777aebc3b58e606a9bfc90cbf1234d98defe15445d9c7e5907878eaf6f1754378144b456b6c7766643e
- SSDEEP
  
  24576:0it4uJtHL/PkgSAq5dRHBez6oONXEef2sS5OnYi:0iWiH7P85fsz6oM2mn/
Score

10^/10

modiloader trojan formbook ao65 persistence rat spyware stealer
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook payload
  rat
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

formbookmodiloaderao65persistenceratspywarestealertrojan