Overview

overview

10

Static

static

inz.exe

windows7_x64

10

inz.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    inz.exe

  • Size

    411KB

  • Sample

    210112-37w4dvae76

  • MD5

    ab87bb7551411aec9c0b27cb4dcca79e

  • SHA1

    e689e98a99d1d2a6e9a67a6adbd7fba737ed2d6b

  • SHA256

    6c63e68f6d116d78c115e15d1c1bdaeb1064cb562de15c4f5d46142e637f26e3

  • SHA512

    5a0ef5f90cd43534e2043dbe4fae17c9b1a1197be9e1acd29c1c069f710732bd8f6c3aad59b5ff16e4c65ac43b4e23e8a2c8c7f5fc27a74638c150b319234f4f

Score
10/10
formbookratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.nationshiphop.com/hko6/

Decoy

apartmentsineverettwa.com

forritcu.net

hotroodes.com

skinnerttc.com

royaltrustmyanmar.com

adreslog.com

kaysbridalboutiques.com

multitask-improvements.com

geniiforum.com

smarthomehatinh.asia

banglikeaboss.com

javlover.club

affiliateclubindia.com

mycapecoralhomevalue.com

comparamuebles.online

newrochellenissan.com

nairobi-paris.com

fwk.xyz

downdepot.com

nextgenmemorabilia.com

Targets

    • Target

      inz.exe

    • Size

      411KB

    • MD5

      ab87bb7551411aec9c0b27cb4dcca79e

    • SHA1

      e689e98a99d1d2a6e9a67a6adbd7fba737ed2d6b

    • SHA256

      6c63e68f6d116d78c115e15d1c1bdaeb1064cb562de15c4f5d46142e637f26e3

    • SHA512

      5a0ef5f90cd43534e2043dbe4fae17c9b1a1197be9e1acd29c1c069f710732bd8f6c3aad59b5ff16e4c65ac43b4e23e8a2c8c7f5fc27a74638c150b319234f4f

    Score
    10/10
    formbookratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks