General

  • Target

    INQUIRY DOCUMENTS & DATA COMPANY INFORMATION.exe

  • Size

    460KB

  • Sample

    211021-q8rj8abccn

  • MD5

    4bc84a1a436c849698fd54c0f921c2a1

  • SHA1

    c7c7cb7b33da65ffc53ff9351b56802cb1561560

  • SHA256

    25e5055023abbb8c18992618b6f04c94b8b13ff8bd33d4a4f8462d92902461bf

  • SHA512

    c86ec6b9fef554818af6aacdc7df24bb7ad1813390f6e708c7b9cd385a274286419c3f738d55ef411a1be82cbf462e483525ef20e27a4b6b24ceb4fc99001f19

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cnp0

C2

http://www.ccnsv.net/cnp0/

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1

Tasks