General
-
Target
Draft shipping docs.xlsx
-
Size
1.9MB
-
Sample
210112-vt8bcvx392
-
MD5
e3cbb9f2fa65eb74780f05bd16ef3832
-
SHA1
2d80176ed96b118c698bd2a848198b999c33e1e5
-
SHA256
aab172b9c20aebdf70dbced4a259c4318a13216a803e7e816e841fbd5f7d7e88
-
SHA512
66d67b4618876fd95893443aa1ce6facba20ccbabe8a213b58e51fc0c1568197931d6436c5e2a570227429b689d4372f3a98cb29cfeeed319a2fd616842d75eb
Static task
static1
Behavioral task
behavioral1
Sample
Draft shipping docs.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Draft shipping docs.xlsx
Resource
win10v20201028
Malware Config
Extracted
formbook
http://www.aftabzahur.com/wgn/
kokokara-life-blog.com
faswear.com
futureleadershiptoday.com
date4done.xyz
thecouponinn.com
bbeycarpetsf.com
propolisnasalspray.com
jinjudiamond.com
goodevectors.com
nehyam.com
evalinkapuppets.com
what-if-statistics.com
rateofrisk.com
impacttestonlinne.com
servis-kaydet.info
coloniacafe.com
marcemarketing.com
aarigging.com
goddesswitchery.com
jasqblo.icu
ballotlocations.com
opulentredesign.com
nicolakwan.com
timcarecskh.online
albertaeatsfood.com
impactnwf.com
transportersolutions.com
jkfdjkdjkfjkddre.com
haslvapps.com
oakhazelnut.com
jazzyfans.net
uklcp.com
genericfreeemailservice.com
jettbay.com
utahcommunitynewsnetwork.com
vinos-online.com
lafatime.com
2438kingsland.com
groovepags.com
locationwhiz.com
edu1center.com
chronic-trauma.com
ytr.xyz
airconacademy-courses.com
gawafeqauibne.com
flowcedure.com
bwproskill.com
woodenbros.com
thesearsgroupnc.com
whoaminot.com
addvations.com
fatboidonuts.com
mobileworkforcevpn.net
offto.site
tehospedamos.com
nadinerae.com
betherightcandidate.com
ethosgov.com
cgbaran.com
xynewadmrykaa.com
socialdistancing.cool
kedalamsapi.com
hendifishing.online
geniusprosolutions.com
Targets
-
-
Target
Draft shipping docs.xlsx
-
Size
1.9MB
-
MD5
e3cbb9f2fa65eb74780f05bd16ef3832
-
SHA1
2d80176ed96b118c698bd2a848198b999c33e1e5
-
SHA256
aab172b9c20aebdf70dbced4a259c4318a13216a803e7e816e841fbd5f7d7e88
-
SHA512
66d67b4618876fd95893443aa1ce6facba20ccbabe8a213b58e51fc0c1568197931d6436c5e2a570227429b689d4372f3a98cb29cfeeed319a2fd616842d75eb
-
Formbook Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-