General

  • Target

    8a84cbb31cdf069bfc816bf0183c6228bf0a3b8ca038e8f1d4152e334bea13e0

  • Size

    234KB

  • Sample

    220521-mmgw4scad4

  • MD5

    835c889e69e6cbf13b93c14cc5187170

  • SHA1

    0f23eedfd6533fa371de9038c166b85ef20a095a

  • SHA256

    8a84cbb31cdf069bfc816bf0183c6228bf0a3b8ca038e8f1d4152e334bea13e0

  • SHA512

    b0e18017008bf00ac7983b80bad73f2ef82161b19161d82e977667ae666a3434518ff2e1d897ac58802e706865baa899538788eb3932900112184bba0b8a647e

Malware Config

Extracted

Family

formbook

Version

4.0

Campaign

q5e

Decoy

cryptoxc.world

lotto18coin.net

jinfuzeneiyo.com

ekljfd.info

fundme360.com

catfishingtrickssubscribers.com

account-applerestore-help.com

macys-giveaway.site

vtwomenswellness.net

naxagoras.com

beatumcosmetic.com

pitchperfect3full.com

entertheartoffrenchliving.com

maithecat.com

skooey.com

genenv.com

projectxstream.com

liladasgupta.com

whitecloverwedding.net

zchinahu.com
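The decoy list above is the part of this config analysts most often mishandle. Formbook beacons to its decoys alongside the real C2 (which this report does not show), and many decoys are unrelated live sites, so they belong in hunting queries as low-confidence indicators rather than in a blocklist. The script below is an added example, not part of the Triage report: it carries the hashes and config values from this page, checks the hashes are well-formed before they are copied anywhere, normalises the decoys into tagged domain indicators, and matches them against a constructed DNS query log on a label boundary so that look-alike names do not produce false hits. The dict layout, the log format and the sample log lines are this example's assumptions.

```python
import re
from typing import Dict, List

# Hash values copied from the report on this page; the dict layout is an
# assumption of this example about how a parsed config would be held.
REPORT_HASHES = {
    "md5": "835c889e69e6cbf13b93c14cc5187170",
    "sha1": "0f23eedfd6533fa371de9038c166b85ef20a095a",
    "sha256": "8a84cbb31cdf069bfc816bf0183c6228bf0a3b8ca038e8f1d4152e334bea13e0",
    "sha512": "b0e18017008bf00ac7983b80bad73f2ef82161b19161d82e977667ae666a3434518ff2e1d897ac58802e706865baa899538788eb3932900112184bba0b8a647e",
}

# Extracted config values copied from the report (family, version, campaign, decoys).
REPORT_CONFIG = {
    "family": "formbook",
    "version": "4.0",
    "campaign": "q5e",
    "decoy": """
        cryptoxc.world lotto18coin.net jinfuzeneiyo.com ekljfd.info
        fundme360.com catfishingtrickssubscribers.com
        account-applerestore-help.com macys-giveaway.site
        vtwomenswellness.net naxagoras.com beatumcosmetic.com
        pitchperfect3full.com entertheartoffrenchliving.com maithecat.com
        skooey.com genenv.com projectxstream.com liladasgupta.com
        whitecloverwedding.net zchinahu.com
    """.split(),
}

HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_hashes(hashes: Dict[str, str]) -> Dict[str, bool]:
    """True for each hash that is lowercase hex of the correct digest length.

    Catches the usual copy/paste damage (truncation, stray whitespace, mixed
    case) before the values are pushed to a blocklist or a TI platform.
    """
    return {
        name: re.fullmatch(r"[0-9a-f]{%d}" % HASH_LENGTHS[name], value) is not None
        for name, value in hashes.items()
        if name in HASH_LENGTHS
    }


def decoy_indicators(config: Dict) -> List[Dict[str, str]]:
    """Normalise and de-duplicate the decoy list into tagged domain indicators.

    Decoys are tagged low-confidence: Formbook contacts them alongside its
    real C2 and many are unrelated live sites, so they are for hunting and
    pivoting, not for blind blocking.
    """
    seen = set()
    out = []
    for raw in config["decoy"]:
        dom = raw.strip().lower().rstrip(".")
        if dom and dom not in seen:
            seen.add(dom)
            out.append({
                "type": "domain",
                "value": dom,
                "confidence": "low",
                "tag": f"{config['family']}/{config['version']}/{config['campaign']}",
            })
    return out


# Constructed DNS query log for this example (not from the report):
# "<time> <client> <qtype> <qname>" per line.
SAMPLE_DNS_LOG = """\
2022-05-21T12:00:01Z 10.0.0.5 A www.fundme360.com
2022-05-21T12:00:02Z 10.0.0.5 A example.org
2022-05-21T12:00:03Z 10.0.0.7 A skooey.com
2022-05-21T12:00:04Z 10.0.0.7 A notskooey.com
"""


def match_dns_log(log_text: str, indicators: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return hits where a queried name equals, or is a subdomain of, an indicator.

    The comparison is on a label boundary ("." + domain), so notskooey.com
    does not match skooey.com while www.fundme360.com does match fundme360.com.
    """
    domains = [i["value"] for i in indicators if i["type"] == "domain"]
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        qname = parts[-1].lower().rstrip(".")
        for dom in domains:
            if qname == dom or qname.endswith("." + dom):
                hits.append({"time": parts[0], "client": parts[1],
                             "qname": qname, "indicator": dom})
                break
    return hits


if __name__ == "__main__":
    print(validate_hashes(REPORT_HASHES))
    for hit in match_dns_log(SAMPLE_DNS_LOG, decoy_indicators(REPORT_CONFIG)):
        print(hit)
```

Run it as-is to see the two expected hits (the www.fundme360.com and skooey.com queries) and no hit for notskooey.com. In a real pipeline the low-confidence tag should be carried through to whatever alerting rule consumes these domains, so that a single decoy lookup produces a hunting lead rather than a high-severity alert.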

Targets

    • Target

      INQUIRY.exe

    • Size

      309KB

    • MD5

      0f32fb09814445efbb05bf85c84c799b

    • SHA1

      ba9fa5e71bcedd957e8c4bbb7b477733e8761c0a

    • SHA256

      00c47b353869bd10336878ab126ad47ba22f370c1adf89310a589d5a6c14bfe4

    • SHA512

      9396260e43f21243883f35fa225d4346547d26ac5a87da500bd4913c9c477bfd92bffa718254f03361ca0381f50dbd3d6e4f6570850bcc5063e47bae12f51a43

    • Formbook

      Formbook is an information-stealing malware family sold as a service. It harvests saved credentials from browsers and email clients, logs keystrokes and clipboard contents, takes screenshots, and can download and run additional payloads on instruction from its C2.

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks