General
Target: inquiry.exe
Size: 763KB
Sample: 220725-k43tssbgdk
MD5: b925e8efec4bb9d7aeb0942999de6d93
SHA1: f67ee80014f98136c12d2c72f155bd2371b9df84
SHA256: b3592dda04b6002e7edf6dc1fd693ce34f0e592e305ed55b226d25a635033c33
SHA512: c2bed2d02391da41f9210b51adaf4990e1a60140ad63d2de200ff62ab9dfe376aef89b2a33c1f0d6ee079eca3cb7f051deeed36adafde249987f730abe5989f7
Static task: static1
Behavioral task: behavioral1
Sample: inquiry.exe
Resource: win7-20220715-en
Malware Config
Extracted family: formbook
Version: 4.1
Campaign: ja38
Extracted domains:
check-info-asked.com
d1g1tal-loops.com
jouw-server.online
xn--9l4b93h4ub.com
jju21.com
johndivine.com
boardinghouses.net
evergreeneq.com
lovemya.xyz
szovegmuhely.com
worldwidedatazehn.net
hollandmulchus.com
mhcbrokers.com
brainwellnesssolutions.com
creatioconsultants.com
troyleedesign.store
hayebenefits.com
atom-ontherox.com
pacificoakllc.com
nailonika.online
tixdyweb.com
boostmedia.agency
cutiemind.com
fbcpear.land
nbaonlineus.com
libretypumps.com
americangaslighter.com
blountfirm.online
titansfitnessapparel.net
ofertascapital.com
baikhati777.xyz
yeslom.xyz
classicscase.com
canineconquest.com
nationallrentacar.com
shiyoushuzhi.com
app-youhodler.site
parkwhiteplainss.com
moldshirt.net
roadsideassistanceillinois.info
turkiyedenalmanyayanakliyat.com
kingoflogisticsgh.info
ywwpjqd.com
printthisstudios.com
appackle.com
dharvest24.biz
terrariaserverhosting.com
778189.com
securitycamera-at-2022.life
dx-ss.com
edtechcreativity.com
eleganse-home.online
theknightstemplar.global
abna.international
1ggn.com
abeylele.com
acoinmintexpert.com
prerising.com
dozivljajskigozdpohorje.com
tongkhodentrangtri.com
fromvalleytosummit.com
kasirselasarbrbd.com
englishzones.com
trading-cracks.com
couches-sofas-98268.com
Targets
Target: inquiry.exe
Size: 763KB
Hashes: MD5, SHA1, SHA256 and SHA512 are identical to those listed under General above.
Signatures:
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook payload
Deletes itself
Suspicious use of SetThreadContext