formbook | 336024c1299d7903a83d3dc3f1575349d747c883fcfd29d014931c3887101c45 | Triage

Submit
Reports

Overview

overview

Static

static

MV EVER DI...df.exe

windows7_x64

7

MV EVER DI...df.exe

windows10_x64

Sharing

General

Target

MV EVER DIADEM YOY 149E_pdf.exe
Size

935KB
Sample

200713-hp322nmb8s
MD5

14e3a0848d049b549462fe90f204e0a2
SHA1

42272a41052942331ee7c8409c008cc63aacd14a
SHA256

336024c1299d7903a83d3dc3f1575349d747c883fcfd29d014931c3887101c45
SHA512

b4e9bbe4722791175270766a48a0e67dd1298eb98cf3b5af5839aee0cba4cd0b101ea959bec247cb0114a5c83e209f4e68b03544072774f601f73655f38dff7e

Score

10^/10

formbook evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

MV EVER DIADEM YOY 149E_pdf.exe

Resource

win7

persistence spyware evasion trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

MV EVER DIADEM YOY 149E_pdf.exe

Resource

win10v200430

spyware trojan stealer formbook persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  MV EVER DIADEM YOY 149E_pdf.exe
- Size
  
  935KB
- MD5
  
  14e3a0848d049b549462fe90f204e0a2
- SHA1
  
  42272a41052942331ee7c8409c008cc63aacd14a
- SHA256
  
  336024c1299d7903a83d3dc3f1575349d747c883fcfd29d014931c3887101c45
- SHA512
  
  b4e9bbe4722791175270766a48a0e67dd1298eb98cf3b5af5839aee0cba4cd0b101ea959bec247cb0114a5c83e209f4e68b03544072774f601f73655f38dff7e
Score

10^/10

persistence spyware evasion trojan stealer formbook
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Adds Run entry to policy start application
  persistence
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywareevasiontrojan

behavioral2

spywaretrojanstealerformbookpersistence

© 2018-2024

Terms | Privacy