General
-
Target
Ordine di acquisto GM004868.doc
-
Size
572KB
-
Sample
210420-6qp2sqdlc2
-
MD5
8e76e36ecd9c1cf7815a895060b1faf8
-
SHA1
808b8c09768912bd4305904d4919489c98b75ed0
-
SHA256
0ed349a732a4c26e6d9fd8d7311239bf86dc676a77ea6fe73c58a676373814a0
-
SHA512
d7348b89c470dfad0a44b5f44c50760eb835f9bec3d865a79ff1c60e0723f7aadc3c3341819b554833cd7a3b9d8429e691c6458b232a8f698e05bc83d8f46eed
Static task
static1
Behavioral task
behavioral1
Sample
Ordine di acquisto GM004868.doc
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Ordine di acquisto GM004868.doc
Resource
win10v20210410
Malware Config
Extracted
formbook
4.1
http://www.shoprodeovegas.com/xcl/
sewingtherose.com
thesmartshareholder.com
afasyah.com
marolamusic.com
lookupgeorgina.com
plataforyou.com
dijcan.com
pawtyparcels.com
interprediction.com
fairerfinancehackathon.net
thehmnshop.com
jocelynlopez.com
launcheffecthouston.com
joyeveryminute.com
spyforu.com
ronerasanjuan.com
gadgetsdesi.com
nmrconsultants.com
travellpod.com
ballparksportscards.com
milehighcitygames.com
sophieberiault.com
2020uselectionresult.com
instantpeindia.com
topgradetutors.net
esveb.com
rftjrsrv.net
raphacall.com
wangrenkai.com
programme-zeste.com
idtiam.com
cruzealmeidaarquitetura.com
hidbatteries.com
print12580.com
realmartagent.com
tpsmg.com
mamapacho.com
rednetmarketing.com
syuan.xyz
floryi.com
photograph-gallery.com
devarajantraders.com
amarak-uniform.com
20190606.com
retailhutbd.net
craftbrewllc.com
myfreezic.com
crystalwiththecrystalz.com
ghallagherstudent.com
britishretailawards.com
thegoldenwork.com
dineztheunique.com
singlelookin.com
siyuanshe.com
apgfinancing.com
slicktechgadgets.com
wellemade.com
samytango.com
centaurme.com
shuairui.net
styleket.com
wpcfences.com
opolclothing.com
localiser.site
Targets
-
-
Target
Ordine di acquisto GM004868.doc
-
Size
572KB
-
MD5
8e76e36ecd9c1cf7815a895060b1faf8
-
SHA1
808b8c09768912bd4305904d4919489c98b75ed0
-
SHA256
0ed349a732a4c26e6d9fd8d7311239bf86dc676a77ea6fe73c58a676373814a0
-
SHA512
d7348b89c470dfad0a44b5f44c50760eb835f9bec3d865a79ff1c60e0723f7aadc3c3341819b554833cd7a3b9d8429e691c6458b232a8f698e05bc83d8f46eed
-
Formbook Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-