INQUIRY DOCUMENTS & DATA COMPANY INFORMATION.exe

General
Target

INQUIRY DOCUMENTS & DATA COMPANY INFORMATION.exe

Size

460KB

Sample

211021-q8rj8abccn

Score
10/10
MD5

4bc84a1a436c849698fd54c0f921c2a1

SHA1

c7c7cb7b33da65ffc53ff9351b56802cb1561560

SHA256

25e5055023abbb8c18992618b6f04c94b8b13ff8bd33d4a4f8462d92902461bf

SHA512

c86ec6b9fef554818af6aacdc7df24bb7ad1813390f6e708c7b9cd385a274286419c3f738d55ef411a1be82cbf462e483525ef20e27a4b6b24ceb4fc99001f19

Malware Config

Extracted

Family formbook
Version 4.1
Campaign cnp0
C2

http://www.ccnsv.net/cnp0/

Decoy

Targets
Signatures

  • Formbook

    Description

    Formbook is a data-stealing malware family.

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

  • Formbook Payload

  • Deletes itself

  • Suspicious use of SetThreadContext
