General
Target: PRODUCT INQUIRY BNQ1.xlsx
Size: 197KB
Sample: 201125-zhsrv28b6s
MD5: b3649a8e594d80a7dafd659247d59d77
SHA1: effdca13a654d1d50d646db753c2c7c01f787f2e
SHA256: 78a58253b33bfd1e2e6a772e8aa9aafd5497a03f0677430c66442ca35bfa229f
SHA512: 0c65852187b96687527e9f360069e6d0566a6510b1b75c291eb77394edf40f5376d525ede36b44d8f0a4e26b305d9576e55788c2f91b726151be4fdd453dee29
Static task: static1
Behavioral task: behavioral1 (Sample: PRODUCT INQUIRY BNQ1.xlsx, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: PRODUCT INQUIRY BNQ1.xlsx, Resource: win10v20201028)
Malware Config
Extracted: formbook
Targets
- Formbook Payload
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext