Order Inquiry.exe

General

Target: Order Inquiry.exe
Size: 222KB
Sample: 210408-zrdtzkhyg6
Score: 10/10
MD5: 6664568334aabc380dda1821fdd379d9
SHA1: 8b847d59b54068e0cb5316c1e4f6e5db286d98d9
SHA256: ee0a32169adde722c5652fb40046d8251fa8a89ce615a637ed5708372af0d163
SHA512: cb391712b7c9138cb12bc5f0176ddb7739f25db7e1c4da03b02ba0b68ba0cce00650341230f189fff1f398eab7ac0ac2584d4d171a5f6430c78130dbd6e431fa

Malware Config

Extracted

Family: formbook
Version: 4.1
C2: http://www.c-voyageinc.com/r4ei/

Decoy domains:

  • 8clintonstreet.com
  • sherylhotpepperblends.com
  • eucham.asia
  • earnestqueen.com
  • vstexchange.com
  • theoutofbounds.com
  • allincursive.com
  • getgenevieved.com
  • commonlawpeoplesassembly.net
  • brideclubstorerastreamento.com
  • cngelectricaldesign.com
  • mizmaleather.com
  • nicolabenge.com
  • babyboxbuy.com
  • xaydungquan9.com
  • hclifechurch.com
  • cwyxonlp.icu
  • inocentkidd.com
  • worldhw.com
  • soul.exchange
  • garshbedmi.info
  • hayratindonesia.com
  • optimummedical-uk.com
  • jagocopywriter.com
  • loandong.com
  • tnacharters.com
  • rdj-cpa.com
  • nklwmb.com
  • baykusbaskimerkezi.xyz
  • websiteworlda-z.com
  • gulumsekoop.xyz
  • artforthebayarea.com
  • hkafrfudl.icu
  • thekhufureign.com
  • stanfordcodingtutor.com
  • puoynios.website
  • saearners.info
  • epipdfhany.com
  • cowboycooloutfitters.net
  • therealrefinery.com
  • royal-english-academy.com
  • dante.report
  • montonvuraeditted.space
  • webuytampabayhouses.com
  • phorice.com
  • juxrams.info
  • francisboyrd.com
  • edifice-base.com
  • shjzly.com
  • frisdrank.deals

Targets

Target: Order Inquiry.exe (222KB, score 10/10; MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures

  • Formbook
    Description: Formbook is a data-stealing malware family.
  • Formbook Payload
  • Deletes itself
  • Loads dropped DLL
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no techniques listed on the page).

Tasks

  • static1: 1/10