formbook | a1662b8e9f60ae12d014dc7bf567d136abef56c45d76b65c765c71d411c7ee8f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

DucFile567890987667.vbs
Size

3KB
Sample

220908-mjs5zabedp
MD5

0021e2b267700521b4153ecc9e3fbb78
SHA1

7200c21cbf6d6b4f51151532ec503326b8f1e6be
SHA256

a1662b8e9f60ae12d014dc7bf567d136abef56c45d76b65c765c71d411c7ee8f
SHA512

29be1cdbc40269f62bdc486b465ff1f874f271f08695302ba1644d6a56b7491010a5d26f2268240e7b2c4514dadc683d5f5cde573e352e59ab93eeb74d58ee23

Score

10^/10

formbook bic5 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bic5

Decoy

brentepee.xyz

anshinvalue.website

mavalinbv.com

yeankimphotography.com

residentialassessments.com

gentlemenofabudhabi.com

fertilitycaresa.com

webpractice.online

viindopil.xyz

inspired-isp.net

plusbydesigns.com

cambodiaplanet.com

softwarechip.net

hayato-allblue.com

sh-express-transport-inc.com

krenik-amm.com

barisuccessful.com

xtremecleanspro.club

ledmirrordesigns.com

jordansmileswithyou.com

Targets

- Target
  
  DucFile567890987667.vbs
- Size
  
  3KB
- MD5
  
  0021e2b267700521b4153ecc9e3fbb78
- SHA1
  
  7200c21cbf6d6b4f51151532ec503326b8f1e6be
- SHA256
  
  a1662b8e9f60ae12d014dc7bf567d136abef56c45d76b65c765c71d411c7ee8f
- SHA512
  
  29be1cdbc40269f62bdc486b465ff1f874f271f08695302ba1644d6a56b7491010a5d26f2268240e7b2c4514dadc683d5f5cde573e352e59ab93eeb74d58ee23
Score

10^/10

formbook bic5 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

formbookbic5ratspywarestealertrojan