formbook

General

Target

vbc(1).exe
Size

694KB
Sample

221208-nv6e4shh39
MD5

5113abb28878ff293661fc23685a48bf
SHA1

175aa3169fe7112cead1a550dd702c552bbe832c
SHA256

0911f0bf9c55b8b1388b01524a3d37bbe843c3a3d5a5db4047812ec1a436ec10
SHA512

c4e447cba8dafa4f9744e09a2bbd39b1c59025f1d2f5cf879f0fbae121779a56e42174580cfbd760c48e55a5c997cdec96d1189a4724ff4a6f06d3632dda780f
SSDEEP

12288:RIn+H+LD9IlljoZ9bQGhQwDZF4J40l+BrNGqWOl1u/OfzgYWvwddkydK4akFXRyy:RILOHjoDQGhHQ40loJGts42fz4YTkydp

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

pgnt

Decoy

0WG18LbM4lR9iqMRa4nlBzTb

jcfGYzPgZTqFZVO9FV2yIw==

laIfrdSC8/4CNg==

Q73ilev5GIWuOrAAFV2yIw==

Q2u/pMw7pv4sPA==

TbqvIUHwlQscPo0HFV2yIw==

8PNWfGPyE8n0IQ==

WtgROxXzvY2L

PryaRBNjm4eP

Y9Hdi06Cry1um9Sj68YAu1o=

3Gulyp7CMQtR78jvLkk=

JJ3GasTVTCRQT6Tfz6S6GlI=

RnS42bhb9tI0R6UpD6wOxriNxw==

he1mi2sOGfzTRGHnuA==

eaYjCtjxVjdU5XLRtBMBLKk9quA=

k9rTeEqYzzw8WaTfz6S6GlI=

5luVQwe2vJWKEAiMdF4=

MGW14L9OVk5Y5TaR6w/DqdhYxXVY

mAsYz6k6sQkDC0/DoHj9t1RPWLSgFQ==

y5klhuMbE8n0IQ==

Extracted

Family

xloader

Version

3.�E

Campaign

pgnt

Decoy

0WG18LbM4lR9iqMRa4nlBzTb

jcfGYzPgZTqFZVO9FV2yIw==

laIfrdSC8/4CNg==

Q73ilev5GIWuOrAAFV2yIw==

Q2u/pMw7pv4sPA==

TbqvIUHwlQscPo0HFV2yIw==

8PNWfGPyE8n0IQ==

WtgROxXzvY2L

PryaRBNjm4eP

Y9Hdi06Cry1um9Sj68YAu1o=

3Gulyp7CMQtR78jvLkk=

JJ3GasTVTCRQT6Tfz6S6GlI=

RnS42bhb9tI0R6UpD6wOxriNxw==

he1mi2sOGfzTRGHnuA==

eaYjCtjxVjdU5XLRtBMBLKk9quA=

k9rTeEqYzzw8WaTfz6S6GlI=

5luVQwe2vJWKEAiMdF4=

MGW14L9OVk5Y5TaR6w/DqdhYxXVY

mAsYz6k6sQkDC0/DoHj9t1RPWLSgFQ==

y5klhuMbE8n0IQ==

Targets

- Target
  
  vbc(1).exe
- Size
  
  694KB
- MD5
  
  5113abb28878ff293661fc23685a48bf
- SHA1
  
  175aa3169fe7112cead1a550dd702c552bbe832c
- SHA256
  
  0911f0bf9c55b8b1388b01524a3d37bbe843c3a3d5a5db4047812ec1a436ec10
- SHA512
  
  c4e447cba8dafa4f9744e09a2bbd39b1c59025f1d2f5cf879f0fbae121779a56e42174580cfbd760c48e55a5c997cdec96d1189a4724ff4a6f06d3632dda780f
- SSDEEP
  
  12288:RIn+H+LD9IlljoZ9bQGhQwDZF4J40l+BrNGqWOl1u/OfzgYWvwddkydK4akFXRyy:RILOHjoDQGhHQ40loJGts42fz4YTkydp
Score

10^/10

formbook xloader pgnt loader rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

1

T1064

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Xloader

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2