formbook | 1cc899a5fc4a3e7fe1c9d1265b60a4faf51bc1df3e4b25c088979755410fa954 | Triage

Submit
Reports

Overview

overview

Static

static

4b1ad896be...2b.exe

windows7_x64

4b1ad896be...2b.exe

windows10_x64

7

Sharing

General

Target

4b1ad896be5b7e954882fce34bd1072b.exe
Size

1.2MB
Sample

200624-tcdvrfewss
MD5

4b1ad896be5b7e954882fce34bd1072b
SHA1

4ecb0c52aac20465e46e46514f0e23a8bfbf83eb
SHA256

1cc899a5fc4a3e7fe1c9d1265b60a4faf51bc1df3e4b25c088979755410fa954
SHA512

14f107e3c824f039f1ad910363b098232bb73602b7881fdbf68494901becffe28811ff7943a6b5a1ac5b0f2f34cf4040fbe41de520587b83f1b0c398e1a44d8e

Score

10^/10

formbook evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

4b1ad896be5b7e954882fce34bd1072b.exe

Resource

win7v200430

trojan spyware stealer formbook persistence evasion

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4b1ad896be5b7e954882fce34bd1072b.exe

Resource

win10v200430

persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4b1ad896be5b7e954882fce34bd1072b.exe
- Size
  
  1.2MB
- MD5
  
  4b1ad896be5b7e954882fce34bd1072b
- SHA1
  
  4ecb0c52aac20465e46e46514f0e23a8bfbf83eb
- SHA256
  
  1cc899a5fc4a3e7fe1c9d1265b60a4faf51bc1df3e4b25c088979755410fa954
- SHA512
  
  14f107e3c824f039f1ad910363b098232bb73602b7881fdbf68494901becffe28811ff7943a6b5a1ac5b0f2f34cf4040fbe41de520587b83f1b0c398e1a44d8e
Score

10^/10

trojan spyware stealer formbook persistence evasion
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Adds Run entry to policy start application
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

trojanspywarestealerformbookpersistenceevasion

behavioral2

persistencespyware

© 2018-2024

Terms | Privacy