formbook | 2ad4a02a1f907b8036b9bea0fd940bfb47435964b23ffae577080823c86500dd | Triage

Submit
Reports

Overview

overview

Static

static

Confirmati...11.exe

windows7_x64

Confirmati...11.exe

windows10_x64

3

Sharing

General

Target

Confirmation Copy 11.exe
Size

520KB
Sample

200731-823kfjmmm2
MD5

9d317210a5afb36bb85856718b96e1ef
SHA1

e5cf4b696cb785b825322f84cf66c299c27f4068
SHA256

2ad4a02a1f907b8036b9bea0fd940bfb47435964b23ffae577080823c86500dd
SHA512

5d67f53a63d1cd20af6073b16dff41d41922a0b680c041d52364c08528280a399851612cfb7190f96e5788e94eec7d967e53bb4643db06cc475f380a8e02deba

Score

10^/10

formbook evasion persistence rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Confirmation Copy 11.exe

Resource

win7

rat persistence spyware evasion trojan stealer formbook

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Confirmation Copy 11.exe

Resource

win10v200722

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Confirmation Copy 11.exe
- Size
  
  520KB
- MD5
  
  9d317210a5afb36bb85856718b96e1ef
- SHA1
  
  e5cf4b696cb785b825322f84cf66c299c27f4068
- SHA256
  
  2ad4a02a1f907b8036b9bea0fd940bfb47435964b23ffae577080823c86500dd
- SHA512
  
  5d67f53a63d1cd20af6073b16dff41d41922a0b680c041d52364c08528280a399851612cfb7190f96e5788e94eec7d967e53bb4643db06cc475f380a8e02deba
Score

10^/10

rat persistence spyware evasion trojan stealer formbook
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ratpersistencespywareevasiontrojanstealerformbook

behavioral2

© 2018-2024

Terms | Privacy