General
Target: Document Required.xlsx
Size: 197KB
Sample: 201125-9fkx8wvndx
MD5: 8fd8de25313b4fc4255aa5591688d0ea
SHA1: 712d9a77d3e3f06dc581389d6f6e4750342c0fe1
SHA256: 03a6bc87bb80addefb4be14286dfde8e9bcac5f33cfbc979a7f0663b3bedefc6
SHA512: 6465e41c2c08d5bd46b90a0b30ad96b25287db7703e8b883fc8a5f97f150d60ea356b350c0a5d1805213f576ee1b86d60d40a2ec4a6b11945911545330962f32
Static task: static1
Behavioral task: behavioral1
  Sample: Document Required.xlsx
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Document Required.xlsx
  Resource: win10v20201028
Malware Config
Extracted: formbook
http://www.mommabearmoney.com/et2d/
wcaconline.com
travelbackpackss.com
ao-m-nishinomiya.com
tilania.com
vegbydesign.net
mybabysisterscloset.com
sanctitude-cuspidated.com
russtybeats.com
dichvubangchuan.com
su-seikatu.info
eratosantorini.com
ninetofivemama.com
delishany.com
pawchamamapet.net
nissicloud.com
strictlyotaku.net
kissmanga.pro
appalachianfx.com
aralending.com
forbrighterlife.com
manhe3.com
cas100.com
kayabrands.net
innerworkshops.love
kforkidz.com
niulorge.com
thelittleredcraftshack.com
583846.com
dutchesspistolpermit.com
gempharmatechllc.com
hatiyhgsnterahs.com
grooming-gigi.com
wevertexinc.com
brazil920.com
loan-stalemate.info
cleanerkitchen-shop.com
lilyamore.com
invest-eight.com
cfa-cuu.com
k978-k2bsp-mr.net
essisoasesorias.com
mechaf.com
danmerinc.com
prestigehometransformations.com
brandsincart.com
dichvuviplike.pro
bigiproperty.com
mysteryblack.com
magentos6.com
pilotsugardaddys.net
securityacadamy.com
media-cruise.com
sloppyasians.com
unempioymentpua.com
texasrefinances.com
hellogringa.com
vspectra.site
lakewoodcharity.com
lowdownlocal.com
jedzeniomat.com
sellmyhouseolympia.com
halsmart.info
lailraw.com
reapen.com
Targets
Target: Document Required.xlsx
- Formbook Payload
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext