General
Target: Req No. 1807164 LP21.doc
Size: 1.5MB
Sample: 210118-dy5j2nxyq6
MD5: 33ce04c3aaff4168b756498f34429eaf
SHA1: 8d2526c297d691bf04cc1a3b3add8e2303841cdf
SHA256: 3687f2ed161b33f5c9dba06ac1bc784f15a83c353a594d2cf9724bcb6f9c56ff
SHA512: 3c641ddd9bdfff484f621d97fb7c4e1196f51cb7e5a0b81b2671351d5511909b811c0b8ac1aefec7180b215280afba889f5c2d7cedb4ecf214b5276d9289dcc7

Static task: static1

Behavioral task: behavioral1
Sample: Req No. 1807164 LP21.doc.rtf
Resource: win7v20201028

Behavioral task: behavioral2
Sample: Req No. 1807164 LP21.doc.rtf
Resource: win10v20201028
Malware Config
Extracted
formbook
Targets
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext