formbook

General

Target

Urgent quote request -pdf-.js
Size

341KB
Sample

221128-jfamnsfc48
MD5

59b4d0fb62bea58db86b5f9b82382f21
SHA1

57bae158e509b8e23c3347efeaf00553920b8bf6
SHA256

3580ae39b6b33aa67838c5c1ca91b6aebf91e470360fb13072497e85df748871
SHA512

d09975b8ecf9de689bf7e9cebfa9430940b6f465e00a15b4baeb839c598c61cac380263db96f027ef4328b705a773c3a4543961ba1806cc31c86a2fd82f29e6e
SSDEEP

6144:D9w3fOYrR6SInG2u3Wp4cwRDyTlMiAaJ/jpPiWUiSFtroVSSM1tZQfm:YWaR6SInGj3WN6DyhMiASjpPhSFtroVI

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a24e

Decoy

flormarine.co.uk

theglazingsquad.uk

konarkpharma.com

maxpropertyfinanceuk.co.uk

jackson-ifc.com

yvonneazevedoimoveis.net

baystella.com

arexbaba.online

trihgd.xyz

filth520571.com

cikpkg.cfd

jakesupport.com

8863365.com

duniaslot777.online

lop3a.com

berkut-clan.ru

lernnavigator.com

elenaisaprincess.co.uk

daimadaquan.xyz

mychirocart.net

Targets

- Target
  
  Urgent quote request -pdf-.js
- Size
  
  341KB
- MD5
  
  59b4d0fb62bea58db86b5f9b82382f21
- SHA1
  
  57bae158e509b8e23c3347efeaf00553920b8bf6
- SHA256
  
  3580ae39b6b33aa67838c5c1ca91b6aebf91e470360fb13072497e85df748871
- SHA512
  
  d09975b8ecf9de689bf7e9cebfa9430940b6f465e00a15b4baeb839c598c61cac380263db96f027ef4328b705a773c3a4543961ba1806cc31c86a2fd82f29e6e
- SSDEEP
  
  6144:D9w3fOYrR6SInG2u3Wp4cwRDyTlMiAaJ/jpPiWUiSFtroVSSM1tZQfm:YWaR6SInGj3WN6DyhMiASjpPhSFtroVI
Score

10^/10

formbook vjw0rm a24e rat spyware stealer trojan worm
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Formbook payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Vjw0rm

Formbook payload

Blocklisted process makes network request

Executes dropped EXE

Checks computer location settings

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2