General
-
Target
inquiry10204168.xlsx
-
Size
1.2MB
-
Sample
210113-58728xgm2x
-
MD5
07f99c2135effb00a334fdd978259cb3
-
SHA1
32bbe469f0222276b5d0a6947ba6f137221e8617
-
SHA256
69f600cd0a147b4209768992bf6c707d7ff197a6952e373cca08a9cc8bff1fd6
-
SHA512
77aabef86541d9be0e87094badf37b8f4e0342a8cfd39d7f3f865d81e0a97a8563b8c36dca18c6c0b619c36c93484ea673a0cf5153013e86bd906a74889ef918
Static task
static1
Behavioral task
behavioral1
Sample
inquiry10204168.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
inquiry10204168.xlsx
Resource
win10v20201028
Malware Config
Extracted
formbook
http://www.theatomicshots.com/xle/
tknbr.com
loyaloneconstruction.com
what-where.com
matebacapital.com
marriedandmore.com
qiemfsolutions.com
graececonsulting.com
www7456.com
littlefreecherokeelibrary.com
tailgatepawkinglot.com
musheet.com
tesfamariamtb.com
1728025.com
xceltechuae.com
harperandchloe.com
thepamperedbarber.com
5050alberta.com
supplychainstrainer.com
lacorte.group
ringingbear.com
dwerux.com
localeastbay.com
zhongyier.com
liamascia.com
bigdudedesign.com
agilearccreations.com
clxkxmk.com
articlesforthehome.com
prestiticadalanu.com
mayanroofingsystems.com
homeherbgardener.com
ricardoinman.com
xrhaoqilai180.xyz
queromake.com
holywaterfoundation.com
modacicekevi.com
beardeco.com
universityhysteria.com
lastguytogetcorona.com
winton.school
sanborns.xyz
bbluebay3dwdshop.com
mateingseason.com
oro-iptv.com
pdlywh.com
fallgus.com
dezignercloset.com
dasarelektronika.info
cyberparkplace.com
serenshiningarts.com
edgecase.pro
binhminhgarrden.net
fansofads.com
fortykorp.com
shastaestatesseniorliving.com
raksrecording.com
mack-soldenfx.com
freisaq.com
sesaassociates.com
calerconsult.com
sarahpyle.xyz
threepeninsulas.com
proficienthomesalesandloans.com
floridasoapwork.com
Targets
-
-
Target
inquiry10204168.xlsx
-
Size
1.2MB
-
MD5
07f99c2135effb00a334fdd978259cb3
-
SHA1
32bbe469f0222276b5d0a6947ba6f137221e8617
-
SHA256
69f600cd0a147b4209768992bf6c707d7ff197a6952e373cca08a9cc8bff1fd6
-
SHA512
77aabef86541d9be0e87094badf37b8f4e0342a8cfd39d7f3f865d81e0a97a8563b8c36dca18c6c0b619c36c93484ea673a0cf5153013e86bd906a74889ef918
-
Formbook Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-