General
Target: c50d14a3cba28ef65b475833c802e8a9ce51fcefb72a452d8f5daa45a97c1842
Size: 484KB
Sample: 220521-n5rdyahggn
MD5: 6499b551d3c4cb8967b3d5f6570a5217
SHA1: b2daae78d53f08d5bc005ed3f8f613937603bdcd
SHA256: c50d14a3cba28ef65b475833c802e8a9ce51fcefb72a452d8f5daa45a97c1842
SHA512: cc6e2dfb3801d6198ba6b253fd0b17dbe428cf0b012f7a88df35a8bc8c54716fdb0143558acef13fdce32ef09ec96dc318b3b9e29509ef99d812eb7fbee071de
Static task: static1
Behavioral task: behavioral1
Sample: INQUIRY.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: dth
Domains:
gallerypiquel.net
960243.com
425sqftart.com
tiedupporn.net
rxmedia.services
carsandjava.com
bannresolar.com
ecowashnh.com
joshuarent.com
kolacabs.com
supps-acc-issue17.net
meilleurs-livres.com
zb-3a-spring.com
gettabs.info
symonha.com
xfl3d.com
blackbrownbrothers.com
travelerecuador.com
cheaperrate.net
zeytinyagciniz.com
1tabak.net
melgough.com
www357234.com
stellaluce.com
deltissolutions.com
mindguidelearning.com
naukrigov.com
allthingsnicebyfiona.online
ttbgmpcj.com
treesurgeonberkshire.com
bobstarrecruitment.com
vertefuse.com
williamdz.com
todyj.win
nolanmercer.com
abitofsatoshi.com
traffotography.com
bb-24horas.com
cannabiscompany.online
wesentlich-leben.com
deezynation.com
blackchickensofmontreal.com
contact-mailorder.biz
shinyjoias.com
bracifydentistry.com
thermalteolo.com
buckscountyautotags.net
shalinxingxiang.com
fixsoo.net
cleanteamcoaching.com
html5zx.com
die-welt-des-sports.com
istiklalturnuvasi.com
nextoutdoorgear.com
xrpplusex.net
ybxyd.com
lfr1881.com
hfpajdwx.com
rbc.ink
texaseducationmedia.com
lineenc.com
mutuario.com
annuairevoyance.info
polline.design
chemoly.com
Targets
Target: INQUIRY.exe
Size: 726KB
MD5: f0c9e48019fa38ed13d89031cd5f2f16
SHA1: 18c11a225dd33e64dd7440712c47a8bd9ffc7b66
SHA256: a09022457c7802a48a3f2ef32b8008da65fb4b28b43c8e6ac37c44f0a3ecc028
SHA512: 045a3086c55586375d2fd9553034a331cbecc18ece17b2deb6e91f1f1370a2aae3aad1e515a308f1a3eff0d9310ded72ba647fadff78d734c1348608241eec90
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Formbook Payload
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext