formbook | bf9fd5adc66ebd40de81eda76543a9b798ad480aab0d0316e7d13a6d51525816 | Triage

Submit
Reports

Overview

overview

Static

static

1

a48efe002e...0b.exe

windows7_x64

a48efe002e...0b.exe

windows10_x64

Sharing

General

Target

a48efe002e755fc23f7275abd4ce400b.exe
Size

303KB
Sample

200630-zk8tddp9ex
MD5

a48efe002e755fc23f7275abd4ce400b
SHA1

7cb214b2dc8b861e6ee26ac120e494d43035813b
SHA256

bf9fd5adc66ebd40de81eda76543a9b798ad480aab0d0316e7d13a6d51525816
SHA512

7b8bea89127a5584792e90de20fa8b72867065a3394c4f8065a312e9b273611a3d362c420ea1ea3210d523131e740bcdf7de7a847afba60d6dc98f58e70e178a

Score

10^/10

formbook evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

a48efe002e755fc23f7275abd4ce400b.exe

Resource

win7

trojan spyware stealer formbook persistence evasion

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a48efe002e755fc23f7275abd4ce400b.exe

Resource

win10v200430

persistence spyware trojan stealer formbook

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  a48efe002e755fc23f7275abd4ce400b.exe
- Size
  
  303KB
- MD5
  
  a48efe002e755fc23f7275abd4ce400b
- SHA1
  
  7cb214b2dc8b861e6ee26ac120e494d43035813b
- SHA256
  
  bf9fd5adc66ebd40de81eda76543a9b798ad480aab0d0316e7d13a6d51525816
- SHA512
  
  7b8bea89127a5584792e90de20fa8b72867065a3394c4f8065a312e9b273611a3d362c420ea1ea3210d523131e740bcdf7de7a847afba60d6dc98f58e70e178a
Score

10^/10

trojan spyware stealer formbook persistence evasion
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Adds Run entry to policy start application
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

trojanspywarestealerformbookpersistenceevasion

behavioral2

persistencespywaretrojanstealerformbook

© 2018-2024

Terms | Privacy