General
-
Target
vbc.exe
-
Size
545KB
-
Sample
220705-rv9z3scaf4
-
MD5
02a99e9171b3118afeddaa1e051ce765
-
SHA1
46ef8e1d17b9b7743a025d9e08fc357fd0c0abe4
-
SHA256
40ed94480e803c385fd0def0efcba1c9f5e6e52056a5793fdac140066a410eb2
-
SHA512
2e0e74ba6b3d335c892ad22a3e57c41fd8a934663efc0fa7698ac113990742f3b61cd552decf828d10fc51acbea3794759e73e93e5ede04e897ab326b022761f
Static task
static1
Behavioral task
behavioral1
Sample
vbc.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
p63n
Targets
-
Target
vbc.exe
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-