General
-
Target
inquiry10204168.xlsx
-
Size
1.3MB
-
Sample
210113-l72eaxsq4n
-
MD5
78858bd1cc5cbb75c6173d867284b52b
-
SHA1
198e3be4d2334c898a97c0fa05c52c50369c42d3
-
SHA256
b8f509962aeb090743d2982087ce11853df912f24190158d11d08e6081c17fce
-
SHA512
27e410599098b11e8ba5ea6d554699720d9dc8ba303582511b7ab1d1b20bd36dbcaff1fe13f790db2eb0f01c14c76a2490b69c27e93eecc211cd0e0181d988d6
Static task
static1
Behavioral task
behavioral1
Sample
inquiry10204168.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
inquiry10204168.xlsx
Resource
win10v20201028
Malware Config
Extracted
formbook
http://www.zglvyouzaixian.com/nki/
igo-digiworld.com
infrahiit.com
herhealingwater.com
inspiredbytradition.com
onlinepropertyworld.com
rvwdj.com
mudahbikinsuhi.online
multipleofferonline.com
striveyouthministry.com
affectiveneuro.net
f21m.com
perfumefashion.icu
instantcash4rvs.com
help-verifiedbadge.com
solomonislandsblog.com
vipshoppingwizard.com
doggybargains.com
fjyaoxi.net
luxpropertyandassociates.com
companyfinders.com
alifeflooring.com
watermeloncrypto.com
internationalaid.global
petrosu.net
fireyourschool.com
gofawerunebe.com
lazystorage.com
tgasstore.com
adoniskitchenbath.com
it4cracks.com
revsharez.com
radioroutiers.com
szalun.com
theacademylife.com
jackcdoherty.com
theselfcaremenu.com
arentist.com
skyfun.asia
kroumoda.com
brodskikonetejneri.com
citestmansoon3445.com
laalianza.net
lwfenterprises.com
changeledger.com
x-box2send15.club
postraducion.xyz
kpybevx.icu
lolamind.com
jaipurethnic.com
candixenergy.com
degreespoint.com
311tac.com
donationwheel.com
ps3e.com
hyderabadcycles.com
nehyam.com
eversouthhangzhou.com
modaemira.com
k2bsi.com
jiopan.com
wheelerfamilyhistory.net
htaxbiz.com
somethinggotmestarted.com
aprilsbookkeeping.com
Targets
-
-
Target
inquiry10204168.xlsx
-
Size
1.3MB
-
MD5
78858bd1cc5cbb75c6173d867284b52b
-
SHA1
198e3be4d2334c898a97c0fa05c52c50369c42d3
-
SHA256
b8f509962aeb090743d2982087ce11853df912f24190158d11d08e6081c17fce
-
SHA512
27e410599098b11e8ba5ea6d554699720d9dc8ba303582511b7ab1d1b20bd36dbcaff1fe13f790db2eb0f01c14c76a2490b69c27e93eecc211cd0e0181d988d6
-
Formbook Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-