General
Target: VM ASIAN CHAMPION.xlsx
Size: 1.8MB
Sample: 210113-rx8pwt59pj
MD5: fc2961be55b07415b4f6a712bd7736e5
SHA1: e1c6c4c78a6deebda2e5444bc84317658a0f5b52
SHA256: e2a65cc31e28a6510e974316379e8b6eb7c138d1da04cf84d0293fdc55d7d08e
SHA512: d8e8a3f15b21ba1824788c774116a83af1d021634a5da09dc7a5a2abba02aabfe8ae3b44f7f53fb62a8c47d6120d1fe28ccbdc6ed99b73cf647b9947bd652c02
Static task: static1
Behavioral task: behavioral1 (Sample: VM ASIAN CHAMPION.xlsx, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: VM ASIAN CHAMPION.xlsx, Resource: win10v20201028)
Malware Config
Extracted family: formbook
Extracted entries:
http://www.printmeroyal.com/ndm/
gamilashopping.com
thebodyerotique.com
vulcan24on-line.com
nehyam.com
retrofityapi.com
sprayld2u.com
kieronart.com
vinteebee.com
temati.club
drenaz-limfatyczny.com
zrtopway.com
acaciagardens-bh.com
myloudmylarbags.com
fejseshessete.com
total-bar.com
yourmajordomo.com
newsstarbharat.com
vongbi.asia
multipeace.space
thesmellyheifer.com
sjvvideocoaching.com
nogrudge.com
buildenergysmarthomes.com
webmailinformations.space
hau3.com
ladsereuyrlsp-online.com
malindanicholes.com
ranatrades.com
fukuwarai-0805.com
satabin-paysagiste.com
sachinenterprise.xyz
ale-hop.online
softlizer.com
magishian.xyz
justiceusers.com
unstoppablebeliefs.com
transporteshappy.com
realclaimsofamericacorp.com
dailytourtoraja.com
thewinethatsrightforyou.com
castorplanet.com
orangewoodestates.net
stealueda.com
blackenterprisegroup.com
fyipython.com
tulipabotanica.com
pinkfang.com
suyeongdongsan.com
aredstarling.com
zkyhtautm.icu
sacp-dz.com
madeira-marlin.com
recapitulatif-ids.pro
wildlandsuas.com
urbangardenlady.com
valianthomesnc.com
aps555.com
naptherobux.com
washingtoncas.com
52cy.ink
georgiagc.com
theforex.one
notrecondourbania.com
asterinfo.com
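The extracted configuration above can be turned directly into a network detection. The Python below is an added example, not part of the sandbox report or of any Formbook tooling. It assumes Formbook's usual config layout (one C2 URL plus a list of decoy domains the bot also contacts to blur its traffic), treats the single URL-shaped entry above as the C2 and the bare hostnames as decoys (this script's reading, not a label the report provides), embeds a subset of the entries from the report, and runs the resulting indicators over constructed DNS/HTTP log lines. The confirmed/probable/weak thresholds are this example's own choice.

```python
"""Added example: build a network matcher from the Formbook config above.

CONFIG_ENTRIES is copied from the report (a subset of the decoy list).
Reading the one URL-shaped entry as C2 and the rest as decoys is this
script's interpretation of Formbook's config layout. LOG_LINES are
constructed for the demo.
"""
import re
from urllib.parse import urlparse

CONFIG_ENTRIES = [
    "http://www.printmeroyal.com/ndm/",  # C2 URL (host + path)
    "gamilashopping.com",                 # decoys follow
    "thebodyerotique.com",
    "nehyam.com",
    "kieronart.com",
    "temati.club",
    "hau3.com",
]

# Constructed log lines: "<ts> <src-ip> dns query <name>" or
# "<ts> <src-ip> http <method> <url> ...".
LOG_LINES = [
    "2021-01-13T10:02:11Z 10.0.0.5 dns query www.printmeroyal.com",
    "2021-01-13T10:02:12Z 10.0.0.5 http POST http://www.printmeroyal.com/ndm/ ua=Mozilla/4.0",
    "2021-01-13T10:02:15Z 10.0.0.5 dns query gamilashopping.com",
    "2021-01-13T10:02:16Z 10.0.0.7 dns query update.microsoft.com",
    "2021-01-13T10:02:17Z 10.0.0.7 dns query kieronart.com",
    "2021-01-13T10:02:20Z 10.0.0.9 dns query mail.nehyam.com",
    "2021-01-13T10:02:21Z 10.0.0.9 dns query temati.club",
    "2021-01-13T10:02:22Z 10.0.0.9 dns query shau3.com",  # not hau3.com: must not match
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<kind>dns|http)\s+(?P<rest>.*)$")


def canon(host):
    """Lower-case, drop trailing dot and leading 'www.' so names compare equally."""
    host = (host or "").strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def split_config(entries):
    """Return (c2_host, c2_path, decoy_domains) from the flat extractor list."""
    urls = [e for e in entries if "://" in e]
    if len(urls) != 1:
        raise ValueError(f"expected exactly one C2 URL, got {urls!r}")
    parsed = urlparse(urls[0])
    decoys = frozenset(canon(e) for e in entries if "://" not in e)
    return canon(parsed.hostname), parsed.path, decoys


def under(host, parent):
    """True if host is parent or a subdomain of it (label-aligned, so
    'shau3.com' does not match 'hau3.com')."""
    return host == parent or host.endswith("." + parent)


def classify_line(line, c2_host, c2_path, decoys):
    """Return (src, verdict, host) for a line touching an indicator, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rest = m["rest"].split()
    if m["kind"] == "dns":
        host, path = canon(rest[-1]), None
    else:
        url = urlparse(rest[1])
        host, path = canon(url.hostname), url.path
    if under(host, c2_host):
        # The full C2 path is the highest-fidelity indicator the config gives us.
        verdict = "c2-url" if path is not None and path.startswith(c2_path) else "c2-host"
    elif any(under(host, d) for d in decoys):
        verdict = "decoy"
    else:
        return None
    return m["src"], verdict, host


def triage(lines, entries):
    """Run the indicators over the log and score each source address.

    Thresholds are this example's choice: any C2 contact is 'confirmed';
    two or more distinct decoys from one source is 'probable' (the bot spreads
    traffic over several decoys); one decoy alone is 'weak', because decoys
    are ordinary sites that legitimate users also visit.
    """
    c2_host, c2_path, decoys = split_config(entries)
    hits = [h for h in (classify_line(l, c2_host, c2_path, decoys) for l in lines) if h]
    per_src = {}
    for src, verdict, host in hits:
        s = per_src.setdefault(src, {"c2": False, "decoys": set()})
        if verdict.startswith("c2"):
            s["c2"] = True
        else:
            s["decoys"].add(host)
    verdicts = {
        src: "confirmed" if s["c2"] else ("probable" if len(s["decoys"]) >= 2 else "weak")
        for src, s in per_src.items()
    }
    return hits, verdicts


if __name__ == "__main__":
    found, scores = triage(LOG_LINES, CONFIG_ENTRIES)
    for hit in found:
        print("%-10s %-8s %s" % hit)
    print(scores)
```

Decoy domains are real, mostly benign sites, so a single decoy lookup should only corroborate other evidence; the C2 host, and above all the C2 URL path, are the indicators worth alerting on outright. For real use, paste the full entry list from the report into CONFIG_ENTRIES.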
Targets
Target: VM ASIAN CHAMPION.xlsx (1.8MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
Formbook Payload
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution (vbc.exe launched)
Suspicious use of SetThreadContext (a thread's context rewritten in another process, a process-injection/hollowing indicator)