General

  • Target

    inn.exe

  • Size

    311KB

  • Sample

    210114-vd2knqc99s

  • MD5

    fb4693dd2160e94606e349abfc64dcb9

  • SHA1

    3805cd24586cc1422cb2d2ee14dc14fa3c6b390b

  • SHA256

    8aecd1adbf0fe3c5e9e40c19893c1ca3464ed8e0502bfdb4acb871b95009f956

  • SHA512

    2551bf1d8cc8ca47f79a97e733fa0c48fd98658a6bad85c2e60979e32aafff67b41eebef5b3acd1a7a0ee3cdeff05783351187cd62f2623ee3af93c6ce5177d6

Malware Config

Extracted

Family

formbook

C2

http://www.afrogurls.com/wzpq/

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
