formbook

General

Target

.vbc.exe
Size

490KB
Sample

211209-fh7teaahb5
MD5

b7e32f44c7595788dd211a2aed1f3148
SHA1

3e42a6d436a6a62b97fbe6cc668f93d147b4697b
SHA256

8a2a6b216395521669c364a3f7478688a495e007c1e547db45a94780e32663f9
SHA512

5088109b015a81b013a5fd952fb9b16dc9d5f63027a543bf1abb3dde5fe0a8a0ca6fd894d33bed4f015a529dcf984d034227cc56a9b453a5b163bafe96fbb9a8

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

og2w

C2

http://www.celikkaya.xyz/og2w/

Decoy

drivenexpress.info

pdfproxy.com

zyz999.top

oceanserver1.com

948289.com

nubilewoman.com

ibizadiamonds.com

bosniantv-australia.com

juliehutzell.com

poshesocial.events

icsrwk.xyz

nap-con.com

womansslippers.com

invictusfarm.com

search-panel-avg-rock.rest

desencriptar.com

imperialexoticreptiles.com

agastify.com

strinvstr.com

julianapeloi.com

Targets

- Target
  
  .vbc.exe
- Size
  
  490KB
- MD5
  
  b7e32f44c7595788dd211a2aed1f3148
- SHA1
  
  3e42a6d436a6a62b97fbe6cc668f93d147b4697b
- SHA256
  
  8a2a6b216395521669c364a3f7478688a495e007c1e547db45a94780e32663f9
- SHA512
  
  5088109b015a81b013a5fd952fb9b16dc9d5f63027a543bf1abb3dde5fe0a8a0ca6fd894d33bed4f015a529dcf984d034227cc56a9b453a5b163bafe96fbb9a8
Score

10^/10

formbook og2w rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2