General
Target: b115f24fcecce5e8661300527a748448.rtf
Size: 9KB
Sample: 201120-tfcp5pwja6
MD5: b115f24fcecce5e8661300527a748448
SHA1: 9673703628a2edf4fea0b3a764357f82b4c9ce9f
SHA256: 15655af972b632964f3327334c8809fb6cd6cd04e43f4548a32a5bb5743a75bc
SHA512: 981c6e16ef59a337a1375367a048e63c877550137e01b7854356355c1f876c3118d606adeb33b0a047645b7eeb3806ed0a72aed5a36d7b7be4699ce23c5818ed
Static task: static1
Behavioral task: behavioral1
Sample: b115f24fcecce5e8661300527a748448.rtf
Resource: win7v20201028
Behavioral task: behavioral2
Sample: b115f24fcecce5e8661300527a748448.rtf
Resource: win10v20201028
Malware Config
Extracted: formbook
Targets
Target: b115f24fcecce5e8661300527a748448.rtf (size and hashes as listed under General)
- Formbook Payload
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext