formbook | f58398d719869f9ce7478274ee24fe8c714184d37289efc2496c0ba52c64e0ce | Triage

Submit
Reports

Overview

overview

Static

static

Orderfor july.xlsx

windows7_x64

Orderfor july.xlsx

windows10_x64

1

Sharing

General

Target

Orderfor july.xlsx
Size

14KB
Sample

200708-b1a3gzrnpj
MD5

d27eeb485092524e4b2080ec1260da80
SHA1

ea9031e9ffdefbcd760ca2dcc8f5c7015e113b51
SHA256

f58398d719869f9ce7478274ee24fe8c714184d37289efc2496c0ba52c64e0ce
SHA512

23f5b1089624c01804a7aec893c6a465f028347be52ff78d0505e38b847e2537a6ccebb65e01a1d9aa45cb4a1fbb60e06d34d182203dfd38169729e169f22a7f

Score

10^/10

formbook evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Orderfor july.xlsx

Resource

win7

trojan spyware stealer formbook persistence evasion

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Orderfor july.xlsx

Resource

win10v200430

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Orderfor july.xlsx
- Size
  
  14KB
- MD5
  
  d27eeb485092524e4b2080ec1260da80
- SHA1
  
  ea9031e9ffdefbcd760ca2dcc8f5c7015e113b51
- SHA256
  
  f58398d719869f9ce7478274ee24fe8c714184d37289efc2496c0ba52c64e0ce
- SHA512
  
  23f5b1089624c01804a7aec893c6a465f028347be52ff78d0505e38b847e2537a6ccebb65e01a1d9aa45cb4a1fbb60e06d34d182203dfd38169729e169f22a7f
Score

10^/10

trojan spyware stealer formbook persistence evasion
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Adds Run entry to policy start application
  persistence
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

trojanspywarestealerformbookpersistenceevasion

behavioral2

© 2018-2024

Terms | Privacy