General

  • Target

    inv.exe

  • Size

    343KB

  • Sample

    210118-cckqhred7e

  • MD5

    59ca7615f52a57b4d4528956889491ca

  • SHA1

    790ffd88a22f28df64c491e9fef87d50ceb9bfb7

  • SHA256

    bfa63841a36301ed60a4a0c177ad229a1b09266034182b7c8695fa5d7324f0b4

  • SHA512

    6564a9edcc216bfde643e24604cb2f536ea997bf902d933c40760ff834decb990f2f70f968484a27619551e4e493adcf867f0a19c1806a8142845692102f95fd

Malware Config

Extracted

Family

formbook

C2

http://www.nationshiphop.com/hko6/

Decoy


Targets

    • Formbook

      Formbook is data-stealing malware.

    • Formbook Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks