formbook

General

Target

fcc21d800f2cd942cbb2777c40a8ebf831e7fce2e6c8c77d5fa8fd4e3709bd01.js
Size

346KB
Sample

221130-t3k22aga24
MD5

21199ca311ff9236a22bc04871f49361
SHA1

14bf80cebe0fe6945ab146eb481a40d62df5f1d1
SHA256

fcc21d800f2cd942cbb2777c40a8ebf831e7fce2e6c8c77d5fa8fd4e3709bd01
SHA512

2696c74bae8749f26af0483807395356a0224c2124ac956cbb48e8026a705cc3bc1cc8056991385284636e4982dbaefb5a4887901459e41ff02bd0975f5927a0
SSDEEP

6144:So6tITpn1wYXxLJCZQk5s1TAriIgnywLzTp1vQo:76tSJ1tXGaka1TArinBHtZ/

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c0e5

Decoy

educao.pet

e-race.store

clitzhyper.com

webcheetahtech.online

akkarr.online

odevillage.fit

yaignav.site

191u.us

misionartv.store

leadingpastor.com

claudio-vega.store

9mck753.com

system-reminder.live

landsharesfg.net

lmcsf.top

mkstoreacesse.com

2023.domains

yb8.mobi

2q02f4fyxg7ybb18.digital

logtray.shop

Targets

- Target
  
  fcc21d800f2cd942cbb2777c40a8ebf831e7fce2e6c8c77d5fa8fd4e3709bd01.js
- Size
  
  346KB
- MD5
  
  21199ca311ff9236a22bc04871f49361
- SHA1
  
  14bf80cebe0fe6945ab146eb481a40d62df5f1d1
- SHA256
  
  fcc21d800f2cd942cbb2777c40a8ebf831e7fce2e6c8c77d5fa8fd4e3709bd01
- SHA512
  
  2696c74bae8749f26af0483807395356a0224c2124ac956cbb48e8026a705cc3bc1cc8056991385284636e4982dbaefb5a4887901459e41ff02bd0975f5927a0
- SSDEEP
  
  6144:So6tITpn1wYXxLJCZQk5s1TAriIgnywLzTp1vQo:76tSJ1tXGaka1TArinBHtZ/
Score

10^/10

formbook vjw0rm c0e5 rat spyware stealer trojan worm
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Formbook payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Vjw0rm

Formbook payload

Blocklisted process makes network request

Executes dropped EXE

Checks computer location settings

Drops startup file

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2