General

  • Target

    Inquiry.exe

  • Size

    285KB

  • Sample

    221216-n456psef64

  • MD5

    f0e4c1267b74749baa333af7b79863e4

  • SHA1

    8392408915040e7397d0c5ef8415748fd41ed51c

  • SHA256

    91218386ed25d62220408973a03c76b8c4fc44512a60eabd0e437b2bbd10e7d4

  • SHA512

    22ccb51aa15e5b10ec58db93b71a809257ef76962072b107ace4d4385a592538ac31061bf50a4ced313ab45d7c691d1c8dd353b90bdbdede7a98e958763678d4

  • SSDEEP

    6144:gkwn7X9cBmCuwC8XJDaXdihVmQzohW8ktHVKMZpWK4:NBmn8ZDAdKMQOW7VKIpWK4

Malware Config

Extracted

Family

formbook

Campaign

m5oe

Decoy


Targets

    • Formbook

      Formbook is data-stealing malware.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks