General
Target: Shipping Doc_Posen 2011S.xlsx
Size: 1.9MB
Sample: 210115-ccjgdtvdmx
MD5: 6251595d49a8e13fd50acdee711a4907
SHA1: 3858854ea990b7b7093a11d817a71e78153f42c1
SHA256: 3519fe69cbcf16296c897fae7afe09ce22b9d3b8ebfaf2be8d958d985c9104f8
SHA512: 4074c4decfe9790dc3605e183e2dd536446ec0404194dd1df53dbccb3de9f5b0db55df603713b5e94d51c60c64091e9cda576c84496d783723663b3691f3d689
Static task: static1
Behavioral task: behavioral1
  Sample: Shipping Doc_Posen 2011S.xlsx
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Shipping Doc_Posen 2011S.xlsx
  Resource: win10v20201028
Malware Config
Extracted: formbook
C2 URL: http://www.waverunner-fan.com/pp2/
Domains from the config (Formbook pads its configuration with decoy domains alongside the live C2, so treat the bare domains below as low-confidence indicators unless corroborated by the URL path above or by traffic from the sandbox run):
meredithridenhour.com
foundationsseniormanagement.com
sallyta.com
msmonlinellc.com
entreprisesfr.com
neadclunlounge.com
lexuscarbonfiber.com
electroglas-probers.com
investedgefinancialinc.com
blm.healthcare
workoutmagazinemx.com
edmondsagent.com
rodrigzart.com
standardstripcurtains.com
carrier.email
hifan.info
fhcqtravel.com
legacycream.com
topfurnity.com
solids-development.net
e-reklamcim.com
cookedabs.com
ecotime.info
rosalesingenieria.com
onehundredphotographs.com
brightwoodcollection.com
kafamrahat.pro
moveagronegocios.com
voltchargers.net
rgsjanitorial.com
oroinplastic.com
papelonlavapies.com
jayfloe.com
hotlinefx.com
anitrap.com
nehyam.com
vistas-del-valle.com
liliaandjohn.com
thelifehereafter.com
homepublishingonline.com
moneo-umu.com
99blogs.club
mauricemeade.com
55967w.com
yhel-official.com
auykypzna.club
theindiatrends.com
legnoartshopusa.com
dkbaits.com
fairandfitness.store
rakkutenn.icu
teamamlinhomevalue.com
stayweirdswim.uk
businesscouuntmanagement.com
zunebox.com
paracubaexpress.com
legantstylz.net
locomarket-kwt.com
kal-shop.com
guoyuan.plus
kocaeliguvercin.com
silverrosefd.co.uk
kunstatelier.net
gomoolah.com
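The config block above is a flat list: one URL with a path, then bare domains. The following is an added example, not code from the sandbox report or from any vendor tooling, showing how a responder might turn that block into a small IOC set and grade matches from proxy-log lines by confidence, rating the full C2 URL (host plus path) higher than a bare domain because Formbook configs mix the live C2 with decoys. The config excerpt is a subset of the list on this page, and the log lines are constructed for illustration; the log format (timestamp, client, method, URL, status) is an assumption.

```python
"""Parse a flattened 'Malware Config' block into IOCs and scan proxy-log lines.

Added example, not part of the sandbox report. SAMPLE_CONFIG is a subset of
the page's config block; SAMPLE_LOG is constructed. A hit on the configured
C2 URL (host + path) is rated high, the C2 host with another path medium,
and any other config domain low, since Formbook configs include decoys.
"""
import re
from urllib.parse import urlsplit

# Subset of the report's config block, in the page's own flattened layout.
SAMPLE_CONFIG = """\
Malware Config
Extracted
formbook
http://www.waverunner-fan.com/pp2/
meredithridenhour.com
foundationsseniormanagement.com
sallyta.com
msmonlinellc.com
"""

# Constructed proxy-log lines (assumed format): ts client method url status
SAMPLE_LOG = """\
2021-01-15T09:58:02Z 10.0.0.17 GET http://www.example.org/index.html 200
2021-01-15T10:02:11Z 10.0.0.17 POST http://www.waverunner-fan.com/pp2/ 200
2021-01-15T10:03:40Z 10.0.0.23 GET http://sallyta.com/ 200
2021-01-15T10:04:01Z 10.0.0.23 GET http://www.waverunner-fan.com/other/ 404
2021-01-15T10:05:15Z 10.0.0.17 GET http://static.msmonlinellc.com/css/site.css 200
"""

URL_PREFIXES = ("http://", "https://")
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z0-9-]{2,}$", re.I)


def parse_config(text):
    """Return (family, c2_urls, domains) from a flattened config block.

    Layout on the page: 'Malware Config', 'Extracted', the family name,
    then one URL or domain per line. Anything that is neither is ignored.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    try:
        start = lines.index("Extracted") + 1
    except ValueError:
        raise ValueError("config block has no 'Extracted' marker") from None
    family, entries = lines[start].lower(), lines[start + 1:]
    c2_urls = [e for e in entries if e.lower().startswith(URL_PREFIXES)]
    domains = [e.lower() for e in entries
               if not e.lower().startswith(URL_PREFIXES) and DOMAIN_RE.match(e)]
    return family, c2_urls, domains


def host_matches(host, domain):
    """True for the domain itself and any subdomain (no eTLD guessing needed)."""
    return host == domain or host.endswith("." + domain)


def classify(url, c2_urls, domains):
    """Return (confidence, indicator) for one requested URL, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return None
    for c2 in c2_urls:
        c2p = urlsplit(c2)
        if host == (c2p.hostname or "").lower():
            # Same host and the configured panel path: the live C2.
            if parts.path == c2p.path or parts.path.startswith(c2p.path):
                return ("high", c2)
            return ("medium", host)  # C2 host, different path
    for d in domains:
        if host_matches(host, d):
            return ("low", d)  # could be a decoy domain
    return None


def scan_log(log_text, c2_urls, domains):
    """Return [(line_no, confidence, indicator)] for lines touching an IOC."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 4:
            continue  # not a 'ts client method url [status]' record
        verdict = classify(fields[3], c2_urls, domains)
        if verdict:
            hits.append((n, verdict[0], verdict[1]))
    return hits


if __name__ == "__main__":
    fam, c2s, doms = parse_config(SAMPLE_CONFIG)
    print(f"{fam}: {len(c2s)} C2 URL(s), {len(doms)} config domain(s)")
    for hit in scan_log(SAMPLE_LOG, c2s, doms):
        print(hit)
```

The host comparison for the C2 is exact, so a request to the registered domain without the `www.` label would fall through to the domain list; widen that check deliberately if your environment strips hostnames, rather than matching on suffix and losing the distinction between the live C2 and decoys.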
Targets
Target: Shipping Doc_Posen 2011S.xlsx (size and hashes as listed under General)
Signatures
- Formbook Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution (vbc.exe, the .NET Visual Basic compiler; a spreadsheet has no legitimate reason to launch it, and it is a common host process for injected payloads)
- Suspicious use of SetThreadContext (consistent with process hollowing or thread-context hijacking to run the payload inside another process)