Inv.exe

Target

Inv.exe

Size

326KB

Sample

210113-gaab1e7kge

Score

10 ^/10

MD5

a3aba7d40da6c8c86e4e8d035803f314

SHA1

469b36f05939d6ec6457f1b72ba9f6c7a960be06

SHA256

1f94eb81e3cde4f677fd210e1ff7f5d06987cbdc2fa7de79e28b224e49244b40

SHA512

2cfa59a865a8292b98fb3e8e6ae79a4613d773be87c927ba4cc8e0f034010c0e5ebd0b85a74ca02ef59d47335908bcc610a597bc9cbfbfaaf364d76f51fff2fc

Extracted

Family	formbook
C2	http://www.nationshiphop.com/hko6/ http://www.nationshiphop.com/hko6/
Decoy	apartmentsineverettwa.com forritcu.net hotroodes.com skinnerttc.com royaltrustmyanmar.com adreslog.com kaysbridalboutiques.com multitask-improvements.com geniiforum.com smarthomehatinh.asia banglikeaboss.com javlover.club affiliateclubindia.com mycapecoralhomevalue.com comparamuebles.online newrochellenissan.com nairobi-paris.com fwk.xyz downdepot.com nextgenmemorabilia.com achonabu.com stevebana.xyz jacmkt.com weownthenight187.com divshop.pro wewearceylon.com skyreadymix.net jaffacorner.com bakerlibra.icu femalecoliving.com best20banks.com millcityloam.com signature-office.com qlifepharmacy.com dextermind.net fittcycleacademy.com davidoff.sucks 1033393.com tutorsboulder.com bonicc.com goodberryjuice.com zhaowulu.com teryaq.media a-zsolutionsllc.com bitcoincandy.xyz cfmfair.com annefontain.com princesssexyluxwear.com prodigybrushes.com zzhqp.com hwcailing.com translatiions.com azery.site wy1917.com ringohouse.info chartershome.com thongtinhay.net 2201virginiacondo5.com laurieryork.net mujeresnegociantes.com anchoriaswimwear.com michaelsala.com esdeportebici.com ninjitsoo.com apartmentsineverettwa.com forritcu.net hotroodes.com skinnerttc.com royaltrustmyanmar.com adreslog.com kaysbridalboutiques.com multitask-improvements.com geniiforum.com smarthomehatinh.asia banglikeaboss.com javlover.club affiliateclubindia.com mycapecoralhomevalue.com comparamuebles.online newrochellenissan.com nairobi-paris.com fwk.xyz downdepot.com nextgenmemorabilia.com achonabu.com stevebana.xyz jacmkt.com weownthenight187.com divshop.pro wewearceylon.com skyreadymix.net jaffacorner.com bakerlibra.icu femalecoliving.com best20banks.com millcityloam.com signature-office.com qlifepharmacy.com dextermind.net fittcycleacademy.com davidoff.sucks 1033393.com tutorsboulder.com bonicc.com goodberryjuice.com zhaowulu.com teryaq.media a-zsolutionsllc.com bitcoincandy.xyz cfmfair.com annefontain.com princesssexyluxwear.com prodigybrushes.com zzhqp.com hwcailing.com translatiions.com azery.site wy1917.com ringohouse.info chartershome.com thongtinhay.net 2201virginiacondo5.com laurieryork.net mujeresnegociantes.com anchoriaswimwear.com michaelsala.com esdeportebici.com ninjitsoo.com

Target

Inv.exe

MD5

a3aba7d40da6c8c86e4e8d035803f314

Filesize

326KB

Score

10 ^/10

SHA1

469b36f05939d6ec6457f1b72ba9f6c7a960be06

SHA256

1f94eb81e3cde4f677fd210e1ff7f5d06987cbdc2fa7de79e28b224e49244b40

SHA512

2cfa59a865a8292b98fb3e8e6ae79a4613d773be87c927ba4cc8e0f034010c0e5ebd0b85a74ca02ef59d47335908bcc610a597bc9cbfbfaaf364d76f51fff2fc

Signatures

Formbook

Description

Formbook is a data stealing malware which is capable of stealing data.

Tags

trojan spyware stealer formbook
Formbook Payload

Tags

rat
Deletes itself
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

formbook rat spyware stealer trojan

10^/10

behavioral2

formbook rat spyware stealer trojan

10^/10

Extracted

Tags

Signatures

Formbook

Description

Tags

Formbook Payload

Tags

Deletes itself

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2