formbook | 9c1501fbd2eb669ccbe4a41e37770191e954e6f0dd3e0a954a0670a91df3917c | Triage

Submit
Reports

Overview

overview

Static

static

Quotation.exe

windows7_x64

6

Quotation.exe

windows10_x64

Sharing

General

Target

Quotation.exe
Size

233KB
Sample

200710-n85pt19xxe
MD5

560be75b2b6cfdace7266e5e345f242a
SHA1

0217bcea49f188b04f5d4b2d35c9c2e10be55189
SHA256

9c1501fbd2eb669ccbe4a41e37770191e954e6f0dd3e0a954a0670a91df3917c
SHA512

577e82392b55506580cff192eee0e389f5bc6a3c53939da1aa7fb73985425a2a3d98f6acf2fb6606be1278d6e3a62863a575ea910f27810eb4c7e5d6027b7ed1

Score

10^/10

formbook evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Quotation.exe

Resource

win7

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Quotation.exe

Resource

win10v200430

trojan spyware stealer formbook persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Quotation.exe
- Size
  
  233KB
- MD5
  
  560be75b2b6cfdace7266e5e345f242a
- SHA1
  
  0217bcea49f188b04f5d4b2d35c9c2e10be55189
- SHA256
  
  9c1501fbd2eb669ccbe4a41e37770191e954e6f0dd3e0a954a0670a91df3917c
- SHA512
  
  577e82392b55506580cff192eee0e389f5bc6a3c53939da1aa7fb73985425a2a3d98f6acf2fb6606be1278d6e3a62863a575ea910f27810eb4c7e5d6027b7ed1
Score

10^/10

evasion trojan spyware stealer formbook persistence
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Adds Run entry to policy start application
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks whether UAC is enabled
  evasion trojan
- js
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

trojanspywarestealerformbookpersistence

© 2018-2024

Terms | Privacy