formbook | ce4764b6234abdbe6f67d1f7c8a54fc7908208a2aec45b6135407cf2e87e67c2 | Triage

Submit
Reports

Overview

overview

Static

static

shipping d...PL.exe

windows7_x64

shipping d...PL.exe

windows10_x64

3

Sharing

General

Target

shipping document INV+PL.exe
Size

414KB
Sample

200731-fr3l5d2ccj
MD5

ca4fbf42b3da386f10f5c82afe65a0bf
SHA1

8fd29038564832e3f356db1a7d6cf3464c3e07cc
SHA256

ce4764b6234abdbe6f67d1f7c8a54fc7908208a2aec45b6135407cf2e87e67c2
SHA512

7b9d3b52811b870862f708577ecf1301634d15c43e23d205be13f57891504b0fc5b2bc10d207afeb9e9c0f035b04f6eab7d2252e6009d28ca51f23bc69ff588f

Score

10^/10

formbook evasion persistence rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

shipping document INV+PL.exe

Resource

win7

rat trojan spyware stealer formbook persistence evasion

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

shipping document INV+PL.exe

Resource

win10

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  shipping document INV+PL.exe
- Size
  
  414KB
- MD5
  
  ca4fbf42b3da386f10f5c82afe65a0bf
- SHA1
  
  8fd29038564832e3f356db1a7d6cf3464c3e07cc
- SHA256
  
  ce4764b6234abdbe6f67d1f7c8a54fc7908208a2aec45b6135407cf2e87e67c2
- SHA512
  
  7b9d3b52811b870862f708577ecf1301634d15c43e23d205be13f57891504b0fc5b2bc10d207afeb9e9c0f035b04f6eab7d2252e6009d28ca51f23bc69ff588f
Score

10^/10

rat trojan spyware stealer formbook persistence evasion
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

rattrojanspywarestealerformbookpersistenceevasion

behavioral2

© 2018-2024

Terms | Privacy