General
-
Target
Shipping document.xlsx
-
Size
2.1MB
-
Sample
210119-9fwjpdg7g6
-
MD5
a9f42b2b846babc81871dbe5bfcf6dea
-
SHA1
a00f4af3ce37dadc350c619297115111f18c1db1
-
SHA256
942ae80ca9f3d10b99da8d422e94850bafc51c498484309a0838e8183038f5a9
-
SHA512
ed4fdbbc7871262195ccbd08895a0475fff770c3a869ca94cc8be42e5ecbc3785f11e4a7e75cfc35f8561351ae470ee0aa522be251e8a8e0287a2386ec11606d
Static task
static1
Behavioral task
behavioral1
Sample
Shipping document.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Shipping document.xlsx
Resource
win10v20201028
Malware Config
Extracted
formbook
http://www.aftabzahur.com/wgn/
kokokara-life-blog.com
faswear.com
futureleadershiptoday.com
date4done.xyz
thecouponinn.com
bbeycarpetsf.com
propolisnasalspray.com
jinjudiamond.com
goodevectors.com
nehyam.com
evalinkapuppets.com
what-if-statistics.com
rateofrisk.com
impacttestonlinne.com
servis-kaydet.info
coloniacafe.com
marcemarketing.com
aarigging.com
goddesswitchery.com
jasqblo.icu
ballotlocations.com
opulentredesign.com
nicolakwan.com
timcarecskh.online
albertaeatsfood.com
impactnwf.com
transportersolutions.com
jkfdjkdjkfjkddre.com
haslvapps.com
oakhazelnut.com
jazzyfans.net
uklcp.com
genericfreeemailservice.com
jettbay.com
utahcommunitynewsnetwork.com
vinos-online.com
lafatime.com
2438kingsland.com
groovepags.com
locationwhiz.com
edu1center.com
chronic-trauma.com
ytr.xyz
airconacademy-courses.com
gawafeqauibne.com
flowcedure.com
bwproskill.com
woodenbros.com
thesearsgroupnc.com
whoaminot.com
addvations.com
fatboidonuts.com
mobileworkforcevpn.net
offto.site
tehospedamos.com
nadinerae.com
betherightcandidate.com
ethosgov.com
cgbaran.com
xynewadmrykaa.com
socialdistancing.cool
kedalamsapi.com
hendifishing.online
geniusprosolutions.com
Targets
-
-
Target
Shipping document.xlsx
-
Size
2.1MB
-
MD5
a9f42b2b846babc81871dbe5bfcf6dea
-
SHA1
a00f4af3ce37dadc350c619297115111f18c1db1
-
SHA256
942ae80ca9f3d10b99da8d422e94850bafc51c498484309a0838e8183038f5a9
-
SHA512
ed4fdbbc7871262195ccbd08895a0475fff770c3a869ca94cc8be42e5ecbc3785f11e4a7e75cfc35f8561351ae470ee0aa522be251e8a8e0287a2386ec11606d
-
Formbook Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-