formbook

General

Target

REQUEST FOR QUOTATION.js
Size

398KB
Sample

221123-rs973ahd93
MD5

221959c0cb83f333ff5626250f07150d
SHA1

edc81bb47ec361697e8a4c989e21ce08b73c9df9
SHA256

3be91a04e20428350874375f4d47ae9240c5e64c7e37deac6fcafd1968933063
SHA512

ea4049d06dac1c16ddf1148998f2d6599f38b0cd2863655e62fcd713b239f2313db89c19c28486da24e7648041fb052b42a966ca68e5512fc1598ab754620b35
SSDEEP

6144:6rnjtDt1a3nLZtHf4ROEGXpWtFRsgDEzVaC+Y8vzOBWesNR0KyfbVX8YBVJlq5:sth1qff4AEQ+EzVaChwO4pK3DVXTa

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c0e5

Decoy

educao.pet

e-race.store

clitzhyper.com

webcheetahtech.online

akkarr.online

odevillage.fit

yaignav.site

191u.us

misionartv.store

leadingpastor.com

claudio-vega.store

9mck753.com

system-reminder.live

landsharesfg.net

lmcsf.top

mkstoreacesse.com

2023.domains

yb8.mobi

2q02f4fyxg7ybb18.digital

logtray.shop

Targets

- Target
  
  REQUEST FOR QUOTATION.js
- Size
  
  398KB
- MD5
  
  221959c0cb83f333ff5626250f07150d
- SHA1
  
  edc81bb47ec361697e8a4c989e21ce08b73c9df9
- SHA256
  
  3be91a04e20428350874375f4d47ae9240c5e64c7e37deac6fcafd1968933063
- SHA512
  
  ea4049d06dac1c16ddf1148998f2d6599f38b0cd2863655e62fcd713b239f2313db89c19c28486da24e7648041fb052b42a966ca68e5512fc1598ab754620b35
- SSDEEP
  
  6144:6rnjtDt1a3nLZtHf4ROEGXpWtFRsgDEzVaC+Y8vzOBWesNR0KyfbVX8YBVJlq5:sth1qff4AEQ+EzVaChwO4pK3DVXTa
Score

10^/10

formbook vjw0rm c0e5 rat spyware stealer trojan worm
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Formbook payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Vjw0rm

Formbook payload

Blocklisted process makes network request

Executes dropped EXE

Checks computer location settings

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2