formbook | 8d9a34f51bcef521b4dad284038743c1cce9b9481d558225e33add85c4c9173b | Triage

Submit
Reports

Overview

overview

Static

static

8

bin 1.xls

windows7_x64

bin 1.xls

windows10_x64

Sharing

General

Target

bin 1.xls
Size

183KB
Sample

200731-kqa52nsg1j
MD5

ad085c2d0b11bd6268b5cf5e1f86c6d2
SHA1

20aa89a8d2cb83226065e4ecf97799409f9fd2ae
SHA256

8d9a34f51bcef521b4dad284038743c1cce9b9481d558225e33add85c4c9173b
SHA512

3ff47f33dc1fb6d9e9197c345153febe4388923ac7e27e87e3ea97d2bf7dde7dd62fcc02f2768fabd6ac4764bf48df0f0b6388719167b8b9ba1b350e16e44b12

Score

10^/10

formbook evasion macro rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

bin 1.xls

Resource

win7v200722

rat spyware evasion trojan stealer formbook

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bin 1.xls

Resource

win10v200722

rat trojan spyware stealer formbook

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  bin 1.xls
- Size
  
  183KB
- MD5
  
  ad085c2d0b11bd6268b5cf5e1f86c6d2
- SHA1
  
  20aa89a8d2cb83226065e4ecf97799409f9fd2ae
- SHA256
  
  8d9a34f51bcef521b4dad284038743c1cce9b9481d558225e33add85c4c9173b
- SHA512
  
  3ff47f33dc1fb6d9e9197c345153febe4388923ac7e27e87e3ea97d2bf7dde7dd62fcc02f2768fabd6ac4764bf48df0f0b6388719167b8b9ba1b350e16e44b12
Score

10^/10

rat spyware evasion trojan stealer formbook
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ratspywareevasiontrojanstealerformbook

behavioral2

rattrojanspywarestealerformbook

© 2018-2024

Terms | Privacy