formbook

General

Target

vbc.exe
Size

1.4MB
Sample

210119-kj63mnevss
MD5

7d752130c300fcf1d2cd1668fc29ae28
SHA1

ec52bc66ee4f080618fdc06aa994765c0adc6dee
SHA256

7a434269888c9382307a609aceba2b185542ab901cda169d761c2650c84f2f4e
SHA512

72d0a485ee362f5c1688c5dc2e6507ecaa18f574e73ef8b9e9d71b94179f361ed106e05824c43e5f3eeda8bcc9c1b8c471bd2dac94f4497388b5cf78681aa928

Score

10^/10

Malware Config

Extracted

Family

formbook

C2

http://www.aftabzahur.com/wgn/

Decoy

kokokara-life-blog.com

faswear.com

futureleadershiptoday.com

date4done.xyz

thecouponinn.com

bbeycarpetsf.com

propolisnasalspray.com

jinjudiamond.com

goodevectors.com

nehyam.com

evalinkapuppets.com

what-if-statistics.com

rateofrisk.com

impacttestonlinne.com

servis-kaydet.info

coloniacafe.com

marcemarketing.com

aarigging.com

goddesswitchery.com

jasqblo.icu

Targets

- Target
  
  vbc.exe
- Size
  
  1.4MB
- MD5
  
  7d752130c300fcf1d2cd1668fc29ae28
- SHA1
  
  ec52bc66ee4f080618fdc06aa994765c0adc6dee
- SHA256
  
  7a434269888c9382307a609aceba2b185542ab901cda169d761c2650c84f2f4e
- SHA512
  
  72d0a485ee362f5c1688c5dc2e6507ecaa18f574e73ef8b9e9d71b94179f361ed106e05824c43e5f3eeda8bcc9c1b8c471bd2dac94f4497388b5cf78681aa928
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1

T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2