formbook | ae438370eda70ba48a763c526e61b068e16d11cbd00e9cb504d6f1eeb7442d22 | Triage

Submit
Reports

Overview

overview

Static

static

benzway.exe

windows7_x64

benzway.exe

windows10_x64

Sharing

General

Target

benzway.exe
Size

686KB
Sample

200630-jpqy9jlgvs
MD5

b299b28f77a9de1c0f5bb30cf8522aa2
SHA1

ae5ec84f56c65239862745ef217d6b883f0375d6
SHA256

ae438370eda70ba48a763c526e61b068e16d11cbd00e9cb504d6f1eeb7442d22
SHA512

2180b191e4a5bf82443c85e74f68bf63ea6a821ac26813c46e50acf4fda5cdbb6303f1f13510c18e0081ac3ffcf563857c76ce05fffafcde3a6d763373d007ec

Score

10^/10

formbook evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

benzway.exe

Resource

win7v200430

evasion trojan spyware stealer formbook persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

benzway.exe

Resource

win10

persistence spyware trojan stealer formbook

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  benzway.exe
- Size
  
  686KB
- MD5
  
  b299b28f77a9de1c0f5bb30cf8522aa2
- SHA1
  
  ae5ec84f56c65239862745ef217d6b883f0375d6
- SHA256
  
  ae438370eda70ba48a763c526e61b068e16d11cbd00e9cb504d6f1eeb7442d22
- SHA512
  
  2180b191e4a5bf82443c85e74f68bf63ea6a821ac26813c46e50acf4fda5cdbb6303f1f13510c18e0081ac3ffcf563857c76ce05fffafcde3a6d763373d007ec
Score

10^/10

evasion trojan spyware stealer formbook persistence
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Adds Run entry to policy start application
  persistence
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasiontrojanspywarestealerformbookpersistence

behavioral2

persistencespywaretrojanstealerformbook

© 2018-2024

Terms | Privacy