General
Target: Order No.428 1-18-2021 BA URUS BINA (M) SDN BHD.doc
Size: 1.5MB
Sample: 210118-sgl59xp1lj
MD5: 6afa446a78ee1e4003e2419c4b3ff648
SHA1: d8ab568179d3dae50e76e7ff0aa6ecb18da84377
SHA256: 052c6dd23430c3cb18615febd286a20e4fbfdcaa66f45d00b0f8fa1d1e70d92b
SHA512: 73b0d69a4a134ced282db75f0de06c426db87620bbddf8f030bd2658efe3cc5adf392a5a9ab9a3900b6820010eed2f6c227d2dd9e78121781e7967f3e6443ee2
Static task: static1
Behavioral task: behavioral1
Sample: Order No.428 1-18-2021 BA URUS BINA (M) SDN BHD.doc.rtf
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Order No.428 1-18-2021 BA URUS BINA (M) SDN BHD.doc.rtf
Resource: win10v20201028
Malware Config
Extracted: formbook
Targets
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext