General

  • Target

    Inquiry Qr.exe

  • Size

    780KB

  • Sample

    211025-fhf1pagedp

  • MD5

    dd2b68372282c9f889d288ec83409cf0

  • SHA1

    1cd1cc24217ce59a40e8635348d38ef827c1673b

  • SHA256

    96c65dbeb55d5794541c9132447e41735610c1948b78c138d796e9db8528dd87

  • SHA512

    0d7d92e18bd0336bd338b2b1cc2ab06617f801be5222bf66cc35a889b670644012a2dee14e32fd057ab1c286ecbf6878b40a47283078ad20b40543b073d910ff

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    ubdu

  • C2

    http://www.firsttracksdigital.com/ubdu/

  • Decoy

    veermaster.com
    atechco.info
    ritzelcapital.com
    spyhusband.com
    therestoretrial.com
    quartier-creyole.com
    farmintheforest.com
    automationadvertising.com
    luisxe.info
    pranapolarity.com
    dwadawdf005.com
    joleahfashions.com
    silverwoodrestoration.com
    blackivorygoldbeautysupply.com
    nb-bird.com
    silverlakein.xyz
    thecleanear.com
    rxv3.com
    goaltransparent.com
    mhs1.online

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks