Overview

overview

10

Static

static

1

vbc.exe

windows7-x64

10

vbc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vbc.exe

  • Size

    929KB

  • Sample

    230322-l8h6magb96

  • MD5

    a2b6815c9698017685973d659c6fa3ba

  • SHA1

    711825fd9865c9b1ca177df8301058a96bf7968d

  • SHA256

    bcb2ba08e3ef1e2650c2276989c6d12e2277015deee0e4731f7099be07e63788

  • SHA512

    3f943ead12ce94547e336ae9ac16b74f37a2f37c1b44180a606c0155faae0b664ec8bfca1a622309ffa3bf202a7bfd81abfd3b06babc6d02efa10f449837d79c

  • SSDEEP

    12288:6cNpFJUGzl06/TgTU48e9NyCGTyIkNOmun7ZI/GYLS+bmtHq75JM/GQsqYn:Pzl06MFxyCGTRkNOpFI/fmEaqVJM/By

Score
10/10
formbookbk08ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bk08

Decoy

chloie.net

fastingersecure.monster

foundersterrace.online

ytorly.xyz

kiralayolla.com

corporacionalpi.com

planfortheworld.com

disciplinecoaching.co.uk

rubi33.com

digitlabmedia.com

ky20033.com

h4q7.com

91ye260.xyz

coconceptevents.com

ukusizas.africa

utainnovative.africa

ted-clean.co.uk

haus-huelsche.com

ca-refund.website

football.salon

Targets

    • Target

      vbc.exe

    • Size

      929KB

    • MD5

      a2b6815c9698017685973d659c6fa3ba

    • SHA1

      711825fd9865c9b1ca177df8301058a96bf7968d

    • SHA256

      bcb2ba08e3ef1e2650c2276989c6d12e2277015deee0e4731f7099be07e63788

    • SHA512

      3f943ead12ce94547e336ae9ac16b74f37a2f37c1b44180a606c0155faae0b664ec8bfca1a622309ffa3bf202a7bfd81abfd3b06babc6d02efa10f449837d79c

    • SSDEEP

      12288:6cNpFJUGzl06/TgTU48e9NyCGTyIkNOmun7ZI/GYLS+bmtHq75JM/GQsqYn:Pzl06MFxyCGTRkNOpFI/fmEaqVJM/By

    Score
    10/10
    formbookbk08ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Deletes itself

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks