General
Target: Biomed quotation.xlsx
Size: 461KB
Sample: 210421-h9s64qky7s
MD5: cede2983cf919e588ecdaaa897ee843f
SHA1: 4a17802328d5df28a50aa70dded5450ff9fe0107
SHA256: 50a0ad7b25ca559bc2d753a6b5c7bcdc91d362977f3169f9d344ceef9e7c1cf8
SHA512: 861701a236cd9d6f39351bc65f343b262966fbce5b9363cb9ae5bde8673aeb58396f1c08ac4c9fd32728cc1453064c4eaa7b1bb3e957896e6cc213fa1650b422
Static task: static1
Behavioral task: behavioral1
  Sample: Biomed quotation.xlsx
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: Biomed quotation.xlsx
  Resource: win10v20210408
Malware Config
Extracted family: formbook
Version: 4.1
Targets
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext