General
Target: PI202009255687.xlsx
Size: 2.5MB
Sample: 201126-mwt26jl2bs
MD5: d7c0c12c1cdf36e9f97f96cb3fe16ae0
SHA1: e73e8bd48f5ef68747de444e44d59745cb75b08a
SHA256: 76b2d9b4655b8a349e1b5c7bf05ac5bb22bea988bc818e46756b17d7e22a37d1
SHA512: 1032c3abfa95c26c00c42b5bba0ef6bfd565b9391a255f7eb36f5edee271a46fac0e1a707c23a5820a307a76c4773a8b74f0f15efa2c594d6d79e953c52d5a7b
Static task: static1
Behavioral task: behavioral1 (sample PI202009255687.xlsx, resource win7v20201028)
Behavioral task: behavioral2 (sample PI202009255687.xlsx, resource win10v20201028)
Malware Config
Extracted family: formbook
Extracted URLs and domains:
http://www.blog-cybersecurite.net/ogg/
constmotion.com
castinginiciadas.com
dalvgroup.com
dmetuningkw.com
everygrindcount.com
lovewrendley.com
yourtallahassee.com
healer-jou.com
china-gadge.com
theplatinumworld.com
rakutenlle.xyz
neroflex.com
zdysks.com
e-learningorange.com
starbleach.com
apexappsllc.com
sinteredsurface.com
upcas.info
monetizemybizadvertisers.com
tsptoolbox.net
kobeli.online
rfzhuan.com
hairbyjessiemohler.com
poshmaternityshop.com
iqfeggs.com
moneybusinessclub.com
dulichkaito.com
lordmichaelspencer.com
penislandbrewery.com
clubamericashop.com
afflict.xyz
paletciniz.com
aleksruizphotography.com
8khutpn8g3x9iy.net
deepseacrabclearwater.com
indomediasolutions.com
brokenpinesga.com
redvalleybank.com
yo1marketing.com
cmbclient.xyz
powderedsilk.com
anjmail.xyz
segredosdocopywriting.com
ryan-law-firm.com
annaothomas.com
befitptstudio.com
lygosfilms.info
shajalhasan.com
renewedwomen.net
clippingpathfloor.com
dharani.club
natucolombia.com
kenhdautunhadat.com
final-the.com
mybuildingneeds.com
ashtaylorgoodwin.com
aluarte.info
pustani.com
wraptechauto.com
rtedgarelwood.site
voetbalvandaag.net
undanganelegan.com
molting.life
depoarkasi.com
Targets
Target: PI202009255687.xlsx
Size: 2.5MB
MD5: d7c0c12c1cdf36e9f97f96cb3fe16ae0
SHA1: e73e8bd48f5ef68747de444e44d59745cb75b08a
SHA256: 76b2d9b4655b8a349e1b5c7bf05ac5bb22bea988bc818e46756b17d7e22a37d1
SHA512: 1032c3abfa95c26c00c42b5bba0ef6bfd565b9391a255f7eb36f5edee271a46fac0e1a707c23a5820a307a76c4773a8b74f0f15efa2c594d6d79e953c52d5a7b
- Formbook Payload
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext