General
Target: VOMAXTRADING.doc
Size: 1.6MB
Sample: 201126-7ym4vd7kvs
MD5: 30244581b41accd77dab936571e0d87e
SHA1: 46ddb3fa250dfb4808c3a43f7846d7c643a4f325
SHA256: 2664162d0341d8e5cf1cf3a290b77406d87111e3c9ff3fcf3a4f0836d15d3afe
SHA512: 485074c33256cd04b80f1f58297f5d26f55be56cd8837d35a825d8612407b310bfa29cde9e1934eec92da0a77b37f6e21f0ced9e3ce731ed8673c4b4da82f00e
Static task: static1
Behavioral task: behavioral1
  Sample: VOMAXTRADING.doc
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: VOMAXTRADING.doc
  Resource: win10v20201028
Malware Config
Extracted family: formbook
Targets
Target: VOMAXTRADING.doc (1.6MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Formbook Payload
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext