General
Target: Mv Maersk Kleven V949E.xlsx
Size: 2.4MB
Sample: 210119-afhykkfpfn
MD5: 7be48590a40b95f8c880ea32c74bdd1b
SHA1: 95b6f415362d44a6c3e6634b64dcaa57f460e548
SHA256: 1c8c9700cce4a96d5b6de0cc0bc7de93a2eb0857ba6bf209175bbe1ef1fb03f2
SHA512: 9ff9f5f07ccddf8ea0da07a89a0606985cef2d18b48f59a01d491440db5b3fe3e88f5c1c233a977148dcb2d6ab3fe85e8b06db0880fe2ee28c556c81d9e047f8
Static task: static1
Behavioral task: behavioral1
  Sample: Mv Maersk Kleven V949E.xlsx
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Mv Maersk Kleven V949E.xlsx
  Resource: win10v20201028
Malware Config
Extracted: formbook
Targets
Target: Mv Maersk Kleven V949E.xlsx (2.4MB; hashes as listed under General)
Signatures triggered:
- Formbook Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext