formbook | 82478a8a9aad7d755492677e29689c5656bddb130798408bc38a751ccd35cfbd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

vbc.exe
Size

530KB
Sample

221003-p32ybsgbhp
MD5

e0f08dfaeaed44278f920fc7273fdf44
SHA1

5e0c30d0b93c402d537cfb5e07eaa8d56d95d1f4
SHA256

82478a8a9aad7d755492677e29689c5656bddb130798408bc38a751ccd35cfbd
SHA512

dacd0c17a959a682289e8a2425d3987f26e6cbccb0c6c8ef610a8b7e6add41482ff7772c42e71ef35dc084489d400dc14b7e9d4376b7729f5e08a618c8e69f41
SSDEEP

6144:HTouKrWBEu3/Z2lpGDHU3ykJADi/X0+MNfSN5TLCeQap2BUsMD:HToPWBv/cpGrU3yxDmX03NyKa

Score

10^/10

formbook bi0n rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

bi0n

Decoy

3KYw9ovswPHR8QjRyDcR1P46YXc=

/i8gGNAsn2I4VHkv7E44xdsQ

0oYE4IF6u2qKez0TkX0VsLfQKmrUvA==

0nUgH3O7ILSf55sR

B8eQnZvxZq0i

35ZK/5/4VQ/51I0u6044xdsQ

LEkzAqEVlUvz3KShj/I=

FuRY/gTKCbaGD8B4r+CF

WAx3RjCdHNeoyqShj/I=

G9OonMc0ee4OO10=

pVnKruS9wrUShKiD+mxBETGimk6j2w6sbA==

Ek0YsB98EYYQ34QJxDAMpNEJ

Pf3g1xANKHVWtJipZo8tOpc=

avm1BbiAitY/XGkG

AL1jTUvMB9LU8JUx7U44xdsQ

9rY39HDHSAvJ3wT5a5h0NXS4FX8=

uNfEhR+jBsooG0Q=

z4kkKTW4P6VO8hXISnhTWQ==

yU0Km8lo11zmnlU=

FL1xdvfWE7Z172AKWeU=

Targets

- Target
  
  vbc.exe
- Size
  
  530KB
- MD5
  
  e0f08dfaeaed44278f920fc7273fdf44
- SHA1
  
  5e0c30d0b93c402d537cfb5e07eaa8d56d95d1f4
- SHA256
  
  82478a8a9aad7d755492677e29689c5656bddb130798408bc38a751ccd35cfbd
- SHA512
  
  dacd0c17a959a682289e8a2425d3987f26e6cbccb0c6c8ef610a8b7e6add41482ff7772c42e71ef35dc084489d400dc14b7e9d4376b7729f5e08a618c8e69f41
- SSDEEP
  
  6144:HTouKrWBEu3/Z2lpGDHU3ykJADi/X0+MNfSN5TLCeQap2BUsMD:HToPWBv/cpGrU3yxDmX03NyKa
Score

10^/10

formbook bi0n rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookbi0nratspywarestealertrojan

behavioral2

formbookbi0nratspywarestealertrojan