formbook | 4ed24c2c7b18a13dfa27714299c8f223eee7e0cf8b3c9ea432bbf243ddb0b906 | Triage

Submit
Reports

Overview

overview

Static

static

invoice.MCT.JPG.SCR

windows7_x64

invoice.MCT.JPG.SCR

windows10_x64

8

Sharing

General

Target

invoice.MCT.JPG.SCR
Size

60KB
Sample

200213-z9qwezbb56
MD5

3a6dc65c259ee7fa8e5f0456431b8564
SHA1

220ed37dd2b51095f419b48147caeec12ce47940
SHA256

4ed24c2c7b18a13dfa27714299c8f223eee7e0cf8b3c9ea432bbf243ddb0b906
SHA512

98b345492c9e1035f01167a401d4930c57e53e8e2ff95332f85f2d1ab5d56ed19929ca8b412151221c1bebd889ad35ce8d2ab7014d69427b938ef165b0399373

Score

10^/10

formbook evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

invoice.MCT.JPG.SCR

Resource

win7v191014

evasion spyware trojan persistence stealer formbook

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

invoice.MCT.JPG.SCR

Resource

win10v191014

persistence spyware evasion trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  invoice.MCT.JPG.SCR
- Size
  
  60KB
- MD5
  
  3a6dc65c259ee7fa8e5f0456431b8564
- SHA1
  
  220ed37dd2b51095f419b48147caeec12ce47940
- SHA256
  
  4ed24c2c7b18a13dfa27714299c8f223eee7e0cf8b3c9ea432bbf243ddb0b906
- SHA512
  
  98b345492c9e1035f01167a401d4930c57e53e8e2ff95332f85f2d1ab5d56ed19929ca8b412151221c1bebd889ad35ce8d2ab7014d69427b938ef165b0399373
Score

10^/10

evasion spyware trojan persistence stealer formbook
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Adds Run entry to policy start application
  persistence
- Deletes itself
- Checks whether UAC is enabled
  evasion trojan
- Modifies system certificate store
  evasion spyware trojan
- Reads browser user data or profiles (possible credential harvesting)
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionspywaretrojanpersistencestealerformbook

behavioral2

persistencespywareevasiontrojan

© 2018-2024

Terms | Privacy