formbook | 83ba9d7bcfba422fd9f4e801d8f61901c56473d287d952a41530f6a49c59c905 | Triage

Submit
Reports

Overview

overview

Static

static

Covid-19 v...es.exe

windows7_x64

Covid-19 v...es.exe

windows10_x64

6

Sharing

General

Target

Covid-19 vaccines samples.arj
Size

25KB
Sample

200402-mbkpsphpan
MD5

03db3c58e9ff87b03894a49263546b9c
SHA1

ec7946929e717862a5dfeee3faed6c59b41711f9
SHA256

83ba9d7bcfba422fd9f4e801d8f61901c56473d287d952a41530f6a49c59c905
SHA512

67ee3595de4cd28f4c7adf0ca5159f1ffeec7a776759d78394da98a2ecb2d43183f07e9c8457d3888290346fd12b3581892081d488317cb1ef48636a5b9ffeac

Score

10^/10

formbook evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Covid-19 vaccines samples.exe

Resource

win7v200217

evasion spyware trojan stealer formbook persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Covid-19 vaccines samples.exe

Resource

win10v200217

evasion spyware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Covid-19 vaccines samples.exe
- Size
  
  108KB
- MD5
  
  46ed637f1480905b94113f87211cbd38
- SHA1
  
  6ac546722e341654d3ddabbeab0e20de77296fe0
- SHA256
  
  52bca6a14b850bcd73ab0dd52a8f5be9e00ccb9ca7743a42bb44f236dc4d5a45
- SHA512
  
  70a4170b251c5eba6fb3f549f9f476fe1f01aadae2bdff211f208664ca8fa72697d1f87fd880e8c3dc8c13214ee2e71c4cf0c30f03962277e0051cbc442d929e
Score

10^/10

evasion spyware trojan stealer formbook persistence
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Adds Run entry to policy start application
  persistence
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Modifies system certificate store
  evasion spyware trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

evasionspywaretrojanstealerformbookpersistence

behavioral2

evasionspywaretrojan

© 2018-2024

Terms | Privacy