General
Target: INQUIRY.exe
Size: 644KB
Sample: 211020-2fc2xaaeem
MD5: 5a707691406a2638523c755b77a9a46b
SHA1: 3dbdce0b3b04dbe0ec3ee7e89403f000d9536853
SHA256: f08ca756c36edc6ed2a59075dd924b66dc07025cd9e5320b93eee0a148a5fba0
SHA512: 0adf0ff1b336b252ad93128436c41b0933b67baf32f5ebe0a803f33263d80c41095e582bece484ba02e41639fcc2512c074375aa86393373811279a69a904bca
Static task: static1
Behavioral task: behavioral1
Sample: INQUIRY.exe
Resource: win7-en-20211014
Malware Config
Extracted family: formbook
Version: 4.1
Campaign: h0c4
C2: http://www.cursoukulelegospel.com/h0c4/
Targets
Target: INQUIRY.exe
Size: 644KB
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Deletes itself
- Suspicious use of SetThreadContext