General
Target: 57672c47c193f3a557553cab8126f356.rtf
Size: 10KB
Sample: 201125-kx4a3ncnwn
MD5: 57672c47c193f3a557553cab8126f356
SHA1: 91f23e359413106abd24ecdef8a0a2570cf39090
SHA256: 94bae4886fe8942d256a84af00ae297e560b1711272c0d7b05d89f98c8067890
SHA512: a505cbe917419288f645ca07d0f512166de6a4387ca884f90f628a0ef524dc89f0e8d04984064429d1856cb9aa73f8cee2712205337a2f2cfccb865691222899
Static task: static1
Behavioral task: behavioral1 (sample 57672c47c193f3a557553cab8126f356.rtf, resource win7v20201028)
Behavioral task: behavioral2 (sample 57672c47c193f3a557553cab8126f356.rtf, resource win10v20201028)
Malware Config
Extracted family: formbook
C2 URL: http://www.mommabearmoney.com/et2d/
Decoy domains: a Formbook configuration pairs the live C2 path with a list of decoy domains that the bot also beacons to, so the real server is harder to pick out of the traffic; the extractor lists the C2 URL separately from the decoys. All of the names below are network indicators for this sample, but only the URL above is the live C2.
wcaconline.com
travelbackpackss.com
ao-m-nishinomiya.com
tilania.com
vegbydesign.net
mybabysisterscloset.com
sanctitude-cuspidated.com
russtybeats.com
dichvubangchuan.com
su-seikatu.info
eratosantorini.com
ninetofivemama.com
delishany.com
pawchamamapet.net
nissicloud.com
strictlyotaku.net
kissmanga.pro
appalachianfx.com
aralending.com
forbrighterlife.com
manhe3.com
cas100.com
kayabrands.net
innerworkshops.love
kforkidz.com
niulorge.com
thelittleredcraftshack.com
583846.com
dutchesspistolpermit.com
gempharmatechllc.com
hatiyhgsnterahs.com
grooming-gigi.com
wevertexinc.com
brazil920.com
loan-stalemate.info
cleanerkitchen-shop.com
lilyamore.com
invest-eight.com
cfa-cuu.com
k978-k2bsp-mr.net
essisoasesorias.com
mechaf.com
danmerinc.com
prestigehometransformations.com
brandsincart.com
dichvuviplike.pro
bigiproperty.com
mysteryblack.com
magentos6.com
pilotsugardaddys.net
securityacadamy.com
media-cruise.com
sloppyasians.com
unempioymentpua.com
texasrefinances.com
hellogringa.com
vspectra.site
lakewoodcharity.com
lowdownlocal.com
jedzeniomat.com
sellmyhouseolympia.com
halsmart.info
lailraw.com
reapen.com
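Added example (editor's code, not part of the sandbox report): a small matcher that turns the extracted configuration above into indicators and runs constructed DNS and proxy log lines against them. The C2 URL and the domain names are copied from the report; the log line format, the endpoint names and the severity tiers are assumptions of this example.

```python
"""Match network log lines against the Formbook configuration extracted above.

Added example, not part of the sandbox report. Configuration values are copied
from the report; log lines, endpoint names and severity tiers are constructed.
"""
import re
from urllib.parse import urlsplit

# Values copied from the extracted configuration above.
C2_URL = "http://www.mommabearmoney.com/et2d/"
DECOY_DOMAINS = [
    "wcaconline.com", "travelbackpackss.com", "kissmanga.pro",
    "securityacadamy.com", "reapen.com",
]  # abbreviated; the complete list above drops in unchanged

# Constructed log lines in a simple "<ts> <source> <endpoint> key=value ..." form.
LOG_LINES = [
    "2020-11-25T10:02:11Z dns WKS01 query=www.mommabearmoney.com",
    "2020-11-25T10:02:12Z http WKS01 host=www.mommabearmoney.com path=/et2d/ method=POST",
    "2020-11-25T10:02:15Z dns WKS01 query=mail.google.com",
    "2020-11-25T10:03:01Z http WKS02 host=kissmanga.pro path=/ method=GET",
    "2020-11-25T10:03:40Z dns WKS03 query=cdn.travelbackpackss.com.",
]

_KV = re.compile(r"(\w+)=(\S+)")


def normalise_host(host):
    """Lowercase, drop a trailing dot and a leading 'www.' so that the
    C2 hostname and the bare decoy names compare the same way."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_indicators(c2_url=C2_URL, decoys=DECOY_DOMAINS):
    parts = urlsplit(c2_url)
    return {
        "c2_host": normalise_host(parts.hostname),
        "c2_path": parts.path or "/",
        "decoys": {normalise_host(d) for d in decoys},
    }


def host_matches(host, indicator):
    """True on an exact match or when host is a subdomain of the indicator."""
    host = normalise_host(host)
    return host == indicator or host.endswith("." + indicator)


def parse_line(line):
    parts = line.split(" ", 3)
    if len(parts) < 4:
        return None
    ts, source, endpoint, rest = parts
    ev = {"ts": ts, "source": source, "endpoint": endpoint}
    ev.update(_KV.findall(rest))
    return ev


def classify(line, indicators=None):
    """Return (severity, reason, endpoint) or None. The tiers are this
    example's own convention: a request to the C2 path is the strongest
    signal, the C2 host alone is next, and a decoy domain is the weakest
    because decoys are frequently ordinary third-party sites."""
    ind = indicators or build_indicators()
    ev = parse_line(line)
    if ev is None:
        return None
    host = ev.get("query") or ev.get("host")
    if not host:
        return None
    if host_matches(host, ind["c2_host"]):
        if ev["source"] == "http" and ev.get("path", "").startswith(ind["c2_path"]):
            return ("high", "request to Formbook C2 path", ev["endpoint"])
        return ("medium", "contact with Formbook C2 host", ev["endpoint"])
    for decoy in sorted(ind["decoys"]):
        if host_matches(host, decoy):
            return ("low", "contact with Formbook decoy domain " + decoy, ev["endpoint"])
    return None


def scan(lines, indicators=None):
    ind = indicators or build_indicators()
    hits = []
    for line in lines:
        result = classify(line, ind)
        if result:
            hits.append(result)
    return hits


if __name__ == "__main__":
    for severity, reason, endpoint in scan(LOG_LINES):
        print(f"{severity:6} {endpoint:6} {reason}")
```

Match the C2 path before the host, and the host before the decoys: Formbook's decoy list is drawn from ordinary sites, so a bare DNS hit on a decoy is weak evidence on its own and blocking the whole list can cause collateral damage, whereas a POST to the extracted C2 path from a workstation is the finding to escalate.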
Targets
Target: 57672c47c193f3a557553cab8126f356.rtf (10KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
- Formbook Payload
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution (vbc.exe, the Visual Basic .NET compiler)
- Suspicious use of SetThreadContext (the API commonly used to point a thread at injected code, as in process hollowing)
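Added example (editor's code, not from the report): process-tree rules for two of the signatures listed, the VBS compiler (vbc.exe) being launched from a document-handling process, and a network request from a process descended from that document handler. The Sysmon-style events below are constructed, and the particular parent/child chain is an assumption of the example; the report gives only signature names, not the process tree.

```python
"""Process-tree rules for the behaviours the signatures above name.

Added example, not from the sandbox report. The events are constructed
Sysmon-style records (event_id 1 = process create, 3 = network connect);
the specific chain is assumed, the report itself lists only signature names.
"""
from collections import namedtuple
import ntpath

Event = namedtuple("Event", "event_id pid ppid image dest")

# Constructed events: an Office process spawning vbc.exe, which then connects
# out, next to a benign Visual Studio build that also spawns vbc.exe.
EVENTS = [
    Event(1, 1000, 500, r"C:\Windows\explorer.exe", None),
    Event(1, 2000, 1000, r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE", None),
    Event(1, 2100, 2000, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe", None),
    Event(3, 2100, None, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
          "www.mommabearmoney.com:80"),
    Event(1, 3000, 1000, r"C:\Program Files\Microsoft Visual Studio\IDE\devenv.exe", None),
    Event(1, 3100, 3000, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe", None),
    Event(3, 1000, None, r"C:\Windows\explorer.exe", "update.example.test:443"),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "wordpad.exe"}
COMPILERS = {"vbc.exe", "csc.exe"}  # csc.exe added by analogy with the vbc.exe signature


def image_name(path):
    return ntpath.basename(path).lower()


def build_tree(events):
    """pid -> (ppid, image) from process-create events. Pid reuse is ignored
    here; production rules should key on a process GUID instead."""
    return {e.pid: (e.ppid, e.image) for e in events if e.event_id == 1}


def ancestry(pid, tree):
    """Yield the image name of pid and of each ancestor, guarding against cycles."""
    seen = set()
    while pid in tree and pid not in seen:
        seen.add(pid)
        ppid, image = tree[pid]
        yield image_name(image)
        pid = ppid


def office_spawns_compiler(events):
    """Flag a compiler started directly by a document-handling application."""
    tree = build_tree(events)
    hits = []
    for e in events:
        if e.event_id != 1 or image_name(e.image) not in COMPILERS:
            continue
        parent = tree.get(e.ppid)
        if parent and image_name(parent[1]) in OFFICE_APPS:
            hits.append({"rule": "office_spawns_compiler", "pid": e.pid,
                         "parent": image_name(parent[1]), "child": image_name(e.image)})
    return hits


def network_from_office_descendant(events):
    """Flag a network connection from any process whose ancestry includes an
    Office application (the application itself connecting is normal and is
    not flagged)."""
    tree = build_tree(events)
    hits = []
    for e in events:
        if e.event_id != 3:
            continue
        chain = list(ancestry(e.pid, tree))
        if any(name in OFFICE_APPS for name in chain[1:]):
            hits.append({"rule": "network_from_office_descendant", "pid": e.pid,
                         "image": chain[0], "dest": e.dest, "chain": chain})
    return hits


def run_rules(events):
    return office_spawns_compiler(events) + network_from_office_descendant(events)


if __name__ == "__main__":
    for hit in run_rules(EVENTS):
        print(hit)
```

SetThreadContext is not visible in process-create or network telemetry, which is why the sandbox reports it as a separate signature from API-level monitoring; the rules here cover what endpoint logs normally carry. The benign devenv.exe build that also launches vbc.exe is left alone because the rule keys on the parent, not on the compiler alone.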