General

  • Target: vbc.exe
  • Size: 879KB
  • Sample: 211117-sb6c8adae9
  • MD5: ec0b0a40c161fcf38f749cfbbe713d2b
  • SHA1: 91c8db93ea8106afe01e6a152fe3cbd55b3b4f18
  • SHA256: 48667ddc42d9eadc23dddc65f60f0de6e58afb6857953f282f7b02c115e9eed4
  • SHA512: 2ca60e1f3d5bad7460a842a7bcbbf9d9f66ce574fbc54d5d68f5778e867e2129e585ada4b7c1d9d004e189309290dabced928903d159b5ad20368306ea1b827e

Malware Config

Extracted

Family: formbook

Version: 4.1

Campaign: og2w

C2: http://www.wakecountyrealtyexpert.com/og2w/

Decoy

Targets

    • Target: vbc.exe

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Execution
  • Scripting (T1064): 1

Persistence
  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion
  • Scripting (T1064): 1
  • Modify Registry (T1112): 4
  • Install Root Certificate (T1130): 1

Credential Access
  • Credentials in Files (T1081): 1

Collection
  • Data from Local System (T1005): 1

Tasks