General
Target: file
Size: 2.1MB
Sample: 210122-72d51tx8hn
MD5: 8722742e5c06fa177d89e333eb144672
SHA1: 0e47b669b2e65a2feda0acdf07e654b358dacb2e
SHA256: 415df6eced9ab10f5acdc12b53746463692d9ba2e697dee481989300e4ae98e1
SHA512: 6b024bd1a1c23b52409a08321d25582b5487476205d377354cf152d7befb379ff53bbbe0a4ab339dac0dccd8cc8a21fe9e8846bb9ff5d80ba9dc7b6280176173
Static task: static1
Behavioral task: behavioral1 (sample: file.rtf, resource: win7v20201028)
Behavioral task: behavioral2 (sample: file.rtf, resource: win10v20201028)
Malware Config
Extracted family: formbook
URL: http://www.transparentpetcrate.com/lnb/
Domains:
sauschwein.info
ywpntv.com
gironbeautysalon.online
cryptogeekstuff.com
leosrock.com
sistersv.space
ilss.life
vshuzi.com
europeanculinarymagic.com
mdtlalab.com
boletasenorden.com
eebushe11.com
sms8888.com
arrogantjerxs.com
aboudmotors.com
vzuels.com
searko.com
thathealthysoul.com
365wt38493984284.com
solarpanelsystemflorida.com
testdummylab.com
1728025.com
vrpreservation.com
reinadelosfrikis.com
questionmaze.com
standingstoneevents.com
achraflaabassi.com
austinsubarusouth.com
africa-pif.com
the-hidden-places.com
boobieneckpillow.com
dvisionz.com
charlottescaife.com
shahedahtextiles.com
celebratewithlawilliams.com
sochobadlo.com
soccervest.com
hqyc04.com
lovepeacejoygratitude.com
pamsphils.com
miaportfolio.site
bednhomes.com
centellagoodyear.com
trubluau.com
geraheselouine.com
elkinart.com
next-setup-file.xyz
rashiratan.xyz
memotrace.com
groupdating.club
netflx-updt78f.com
ramonaestudiocreativo.com
giveawayconsumers.xyz
toponeswap.com
bestiephone.com
lifeharness.com
bikerleatherz.com
property-pleasant.website
thediamondbydoron.com
gamesredar.club
tiresgreat.info
actevate.xyz
drblowers.com
nasosd.com
Targets
Target: file
Size: 2.1MB
MD5: 8722742e5c06fa177d89e333eb144672
SHA1: 0e47b669b2e65a2feda0acdf07e654b358dacb2e
SHA256: 415df6eced9ab10f5acdc12b53746463692d9ba2e697dee481989300e4ae98e1
SHA512: 6b024bd1a1c23b52409a08321d25582b5487476205d377354cf152d7befb379ff53bbbe0a4ab339dac0dccd8cc8a21fe9e8846bb9ff5d80ba9dc7b6280176173
Signatures
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
- Blocklisted process makes network request
- Drops file in System32 directory
- Enumerates physical storage devices: attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of SetThreadContext