General
Target: 7426da962e68c5b20a5159ca4e911eee.rtf
Size: 8KB
Sample: 210420-ch4g7s122n
MD5: 7426da962e68c5b20a5159ca4e911eee
SHA1: a3a37b190077a308a17ddb82aa545610807f6e8b
SHA256: 70f35721eb13022a6ae320055bf74d8c3bf688d5cd04c3bea37f6c2e4886d1b3
SHA512: e4f398322e4d020efcecea06cd2b3f77c3ce19a62cb4ab983aa7cceb7f9a3a00036057fa9e3cbc31a135b2e241cf6fe9540e260dedc251d9ab92f3843ef991ae
Static task: static1
Behavioral task: behavioral1
  Sample: 7426da962e68c5b20a5159ca4e911eee.rtf
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 7426da962e68c5b20a5159ca4e911eee.rtf
  Resource: win10v20210410
Malware Config
Extracted
formbook
4.1
http://www.yabo101games.net/dps/
Targets
- Formbook Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext