formbook | 884c7ea15aba23c993192d3c0641508443f594ae71c15d068d42fe7022ad82b5 | Triage

Submit
Reports

Overview

overview

Static

static

41f341ae99...1d.exe

windows7_x64

41f341ae99...1d.exe

windows10_x64

3

Sharing

General

Target

fm1.zip
Size

238KB
Sample

200713-3lxgmvj9kn
MD5

f12cba59e614a7d49d54418ac8aaa8b2
SHA1

cdf5ef0cc4e2d2cdc7a2dc23eb2bb4c9c4d26c69
SHA256

884c7ea15aba23c993192d3c0641508443f594ae71c15d068d42fe7022ad82b5
SHA512

757e21466572536a1910ae9e612a90c519cad56915ca9e707c59582d929e116480b2b298994ffb544d31927b31a097f3204dce42727d5bb483a31e17d81380a3

Score

10^/10

formbook persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

41f341ae994cf53488e0a96a6a531c9ef26c31ad763b7f858b278657051be31d.exe

Resource

win7v200430

trojan spyware stealer formbook persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

41f341ae994cf53488e0a96a6a531c9ef26c31ad763b7f858b278657051be31d.exe

Resource

win10

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  41f341ae994cf53488e0a96a6a531c9ef26c31ad763b7f858b278657051be31d.exe
- Size
  
  532KB
- MD5
  
  b2f556607df50936eb1c0664034427ba
- SHA1
  
  7ca4894a3804e721e85d31941bec38170099226e
- SHA256
  
  41f341ae994cf53488e0a96a6a531c9ef26c31ad763b7f858b278657051be31d
- SHA512
  
  a1ded171b38c3e5a37dba096e8c04b19c7cd3e46587b7681c00df2baad1e28a2ac917857e0c59de7448ed353383dc6b75c4f2cd93804028e05223bada11b471a
Score

10^/10

trojan spyware stealer formbook persistence
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

trojanspywarestealerformbookpersistence

behavioral2

© 2018-2024

Terms | Privacy