General
Target: payment advice.xlsx
Size: 1.2MB
Sample: 210113-knb6s4dkd6
MD5: ad817786e05c5177fbe3295d94a783b5
SHA1: 2f6fd26a661aecb7ff82dee366fe4a089a19dd6b
SHA256: 2e4c648b422366723d7095a3bcbe66b547c3bc61f1448bb10793cb8ea73a6390
SHA512: ed8a25bd90f675b64e6f50f6e3e5e5f5daab878f34826a23748f2cf7b1a2f77307db716243a25420d159d31c553f4de82476151cc64dc85c611270d0e17b6135
Static task: static1
Behavioral task: behavioral1 (sample: payment advice.xlsx, resource: win7v20201028)
Behavioral task: behavioral2 (sample: payment advice.xlsx, resource: win10v20201028)
Malware Config
Extracted family: formbook
C2 URL: http://www.aftabzahur.com/wgn/
Decoy domains (FormBook contacts these alongside the real C2 to bury its traffic; most are ordinary websites, so treat them as hunting context rather than as blocklist entries):
kokokara-life-blog.com
faswear.com
futureleadershiptoday.com
date4done.xyz
thecouponinn.com
bbeycarpetsf.com
propolisnasalspray.com
jinjudiamond.com
goodevectors.com
nehyam.com
evalinkapuppets.com
what-if-statistics.com
rateofrisk.com
impacttestonlinne.com
servis-kaydet.info
coloniacafe.com
marcemarketing.com
aarigging.com
goddesswitchery.com
jasqblo.icu
ballotlocations.com
opulentredesign.com
nicolakwan.com
timcarecskh.online
albertaeatsfood.com
impactnwf.com
transportersolutions.com
jkfdjkdjkfjkddre.com
haslvapps.com
oakhazelnut.com
jazzyfans.net
uklcp.com
genericfreeemailservice.com
jettbay.com
utahcommunitynewsnetwork.com
vinos-online.com
lafatime.com
2438kingsland.com
groovepags.com
locationwhiz.com
edu1center.com
chronic-trauma.com
ytr.xyz
airconacademy-courses.com
gawafeqauibne.com
flowcedure.com
bwproskill.com
woodenbros.com
thesearsgroupnc.com
whoaminot.com
addvations.com
fatboidonuts.com
mobileworkforcevpn.net
offto.site
tehospedamos.com
nadinerae.com
betherightcandidate.com
ethosgov.com
cgbaran.com
xynewadmrykaa.com
socialdistancing.cool
kedalamsapi.com
hendifishing.online
geniusprosolutions.com
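The extracted configuration is only useful once it is turned into indicators that can be matched against telemetry. The following is an added example, not part of the sandbox report: it splits the config above into the real C2 (host and panel path) and the decoy set, normalises hostnames, and scans constructed DNS log lines, flagging a client either for touching the C2 host or for resolving several decoy domains in one window. The log format, the client addresses and the threshold are assumptions; the decoy list is a subset of the 64 domains listed above.

```python
"""Added example (not part of the sandbox report): turning the extracted
FormBook configuration into indicators and matching them against DNS logs."""
from collections import Counter
from urllib.parse import urlparse

# Values copied from the report's "Malware Config" section.  FormBook configs
# carry one real C2 URL plus a list of decoy domains; the sample beacons to
# the decoys as well so the real C2 is harder to spot in traffic.
FORMBOOK_C2_URL = "http://www.aftabzahur.com/wgn/"
# Subset of the 64 decoy domains listed above (the full list is in the report).
FORMBOOK_DECOY_DOMAINS = [
    "kokokara-life-blog.com", "faswear.com", "futureleadershiptoday.com",
    "date4done.xyz", "thecouponinn.com", "rateofrisk.com", "ytr.xyz",
    "socialdistancing.cool", "geniusprosolutions.com",
]


def registered_name(host: str) -> str:
    """Normalise a hostname: lower-case, strip a trailing dot and a leading 'www.'."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_iocs(c2_url: str = FORMBOOK_C2_URL,
               decoys=FORMBOOK_DECOY_DOMAINS) -> dict:
    """Split the config into the real C2 (host + URI path) and the decoy set."""
    parsed = urlparse(c2_url)
    return {
        "c2_host": registered_name(parsed.hostname),
        "c2_path": parsed.path,              # '/wgn/' is the panel path
        "decoys": {registered_name(d) for d in decoys},
    }


def classify_host(host: str, iocs: dict):
    """Return 'c2', 'decoy' or None for a queried name (subdomains match too)."""
    name = registered_name(host)

    def matches(candidate: str) -> bool:
        return name == candidate or name.endswith("." + candidate)

    if matches(iocs["c2_host"]):
        return "c2"
    if any(matches(d) for d in iocs["decoys"]):
        return "decoy"
    return None


# Constructed DNS log lines (hypothetical): timestamp, client, qtype, qname.
SAMPLE_DNS_LOG = """\
2021-01-13T10:02:11Z 10.0.0.5 A www.aftabzahur.com
2021-01-13T10:02:12Z 10.0.0.5 A faswear.com
2021-01-13T10:02:12Z 10.0.0.5 A www.date4done.xyz
2021-01-13T10:02:13Z 10.0.0.5 A rateofrisk.com
2021-01-13T10:02:14Z 10.0.0.5 A ytr.xyz
2021-01-13T10:03:40Z 10.0.0.9 A socialdistancing.cool
2021-01-13T10:04:02Z 10.0.0.9 A www.example.com
"""


def scan_dns_log(log_text: str, iocs: dict) -> list:
    """Return (client, qname, verdict) for every query that hits an indicator."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                         # skip malformed lines
        _ts, client, _qtype, qname = parts
        verdict = classify_host(qname, iocs)
        if verdict:
            hits.append((client, registered_name(qname), verdict))
    return hits


def suspicious_clients(hits: list, min_decoys: int = 3) -> dict:
    """Clients that touched the real C2, or resolved at least min_decoys decoy
    domains in the window.  One decoy lookup is noise (they are ordinary
    sites); a burst of them from a single host is the FormBook pattern."""
    c2_clients = {client for client, _, v in hits if v == "c2"}
    decoy_counts = Counter(client for client, _, v in hits if v == "decoy")
    return {
        "c2_contact": sorted(c2_clients),
        "decoy_burst": sorted(c for c, n in decoy_counts.items() if n >= min_decoys),
    }


if __name__ == "__main__":
    iocs = build_iocs()
    hits = scan_dns_log(SAMPLE_DNS_LOG, iocs)
    for hit in hits:
        print(hit)
    print(suspicious_clients(hits))
```

Blocking only the C2 host (and, at the proxy, the `/wgn/` path) is the low-risk response; the decoy set belongs in a hunting query, where the burst count does the discrimination.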
Targets
Target: payment advice.xlsx, 1.2MB (MD5, SHA1, SHA256 and SHA512 identical to the values listed under General)
Signatures
Formbook Payload
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution (vbc.exe launched as a stage of the infection chain)
Suspicious use of SetThreadContext (an API pattern typical of process hollowing, where the payload is written into a suspended child process and its entry point redirected)
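Four of the signatures above can be reproduced from ordinary endpoint telemetry. The following is an added example, not part of the sandbox report: a small rule set run over constructed process-create, image-load and network-connect events whose shape is hypothetical and only loosely modelled on Sysmon records. The process chain (Excel launching vbc.exe, which drops and runs an EXE from the user's temp directory and then connects out) is constructed to illustrate the signatures, not observed in the report.

```python
"""Added example (not part of the sandbox report): rules that reproduce four of
the report's behavioural signatures over constructed endpoint telemetry.  The
event shape is hypothetical, loosely modelled on Sysmon process-create,
image-load and network-connect records."""
import os

OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Compilers and script hosts an Office document should never launch directly.
# The report's "Uses the VBS compiler for execution" refers to vbc.exe.
LOLBIN_IMAGES = {"vbc.exe", "csc.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Directories a phishing payload typically drops into.
USER_WRITABLE_MARKERS = (
    "\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
    "\\users\\public\\", "\\programdata\\",
)

# Constructed telemetry (hypothetical): Excel -> vbc.exe -> dropped EXE -> beacon.
EXCEL = r"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE"
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
DROPPED_EXE = r"C:\Users\victim\AppData\Local\Temp\update.exe"
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 3012, "image": EXCEL,
     "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "process_create", "pid": 3344, "image": VBC, "parent_image": EXCEL},
    {"type": "process_create", "pid": 3410, "image": DROPPED_EXE, "parent_image": VBC},
    {"type": "image_load", "pid": 3410,
     "image": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"type": "network_connect", "pid": 3344, "image": VBC,
     "dest": "www.aftabzahur.com", "dport": 80},
    {"type": "process_create", "pid": 4000, "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]


def image_name(path: str) -> str:
    """Lower-cased file name of a Windows path, regardless of the host OS."""
    return os.path.basename(path.replace("\\", "/")).lower()


def in_user_writable_dir(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def evaluate(events) -> list:
    """Return (rule, pid) pairs for every event that matches a rule."""
    findings = []
    for ev in events:
        kind, pid, image = ev["type"], ev["pid"], ev["image"]
        if kind == "process_create":
            if (image_name(ev["parent_image"]) in OFFICE_IMAGES
                    and image_name(image) in LOLBIN_IMAGES):
                findings.append(("office_spawns_compiler", pid))
            if in_user_writable_dir(image):
                findings.append(("executes_dropped_exe", pid))
        elif kind == "image_load":
            if image.lower().endswith(".dll") and in_user_writable_dir(image):
                findings.append(("loads_dropped_dll", pid))
        elif kind == "network_connect":
            # Office binaries and compilers have no legitimate reason to beacon.
            if image_name(image) in OFFICE_IMAGES | LOLBIN_IMAGES:
                findings.append(("blocklisted_process_network", pid))
    return findings


if __name__ == "__main__":
    for rule, pid in evaluate(SAMPLE_EVENTS):
        print(f"{rule:28s} pid={pid}")
```

The SetThreadContext signature is deliberately not modelled: it is an API-level observation from the sandbox's hooks, and process-create or network events do not expose it. On a real endpoint it has to come from API-level telemetry (EDR call tracing), or be approximated with process-access events against a freshly spawned, suspended child.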