formbook | 1ebe8c4369b01611d9c49ed8aadbbd36de80d306532927b21b426dd0e648f3f3 | Triage

Submit
Reports

Overview

overview

Static

static

PO 30091.exe

windows7_x64

PO 30091.exe

windows10_x64

8

Sharing

General

Target

PO 30091.exe
Size

684KB
Sample

200630-avlpm1gmzn
MD5

9ac778fb946e20543b571464843fd232
SHA1

1ab3d9251802a6f3c8475cdbf9f7276689b61dd7
SHA256

1ebe8c4369b01611d9c49ed8aadbbd36de80d306532927b21b426dd0e648f3f3
SHA512

fb67073a5576592a5775ce1c37d99b378202b33f82ce4efa94a68305e601c1687c179f599551c752399d7e37368280836bf6ef25a2cd729f00c2dbbecf367475

Score

10^/10

formbook evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO 30091.exe

Resource

win7

evasion trojan spyware stealer formbook persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO 30091.exe

Resource

win10v200430

persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  PO 30091.exe
- Size
  
  684KB
- MD5
  
  9ac778fb946e20543b571464843fd232
- SHA1
  
  1ab3d9251802a6f3c8475cdbf9f7276689b61dd7
- SHA256
  
  1ebe8c4369b01611d9c49ed8aadbbd36de80d306532927b21b426dd0e648f3f3
- SHA512
  
  fb67073a5576592a5775ce1c37d99b378202b33f82ce4efa94a68305e601c1687c179f599551c752399d7e37368280836bf6ef25a2cd729f00c2dbbecf367475
Score

10^/10

evasion trojan spyware stealer formbook persistence
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Adds Run entry to policy start application
  persistence
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasiontrojanspywarestealerformbookpersistence

behavioral2

persistencespyware

© 2018-2024

Terms | Privacy