General
-
Target
Payment_Advice .doc
-
Size
631KB
-
Sample
210421-zqcgnrh86j
-
MD5
02f8946d106c9da4187129f2eb0278b9
-
SHA1
b9fed8b99b334c1b0062093bfb42eb62e2d8e562
-
SHA256
f73c305a30ff01530c49c735e5c3b92b38248ecab0355b60d7e6e61eaebd398b
-
SHA512
1a0ae4cab6e69d08748a8d459133bc5109905565f430866004176097893e3b7b5e4b4c28bc4e7b23d99581b0cdf72074f036e86d5038809b8b781121379f2791
Static task
static1
Behavioral task
behavioral1
Sample
Payment_Advice .doc.rtf
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Payment_Advice .doc.rtf
Resource
win10v20210410
Malware Config
Extracted
formbook
4.1
http://www.shoprodeovegas.com/xcl/
sewingtherose.com
thesmartshareholder.com
afasyah.com
marolamusic.com
lookupgeorgina.com
plataforyou.com
dijcan.com
pawtyparcels.com
interprediction.com
fairerfinancehackathon.net
thehmnshop.com
jocelynlopez.com
launcheffecthouston.com
joyeveryminute.com
spyforu.com
ronerasanjuan.com
gadgetsdesi.com
nmrconsultants.com
travellpod.com
ballparksportscards.com
milehighcitygames.com
sophieberiault.com
2020uselectionresult.com
instantpeindia.com
topgradetutors.net
esveb.com
rftjrsrv.net
raphacall.com
wangrenkai.com
programme-zeste.com
idtiam.com
cruzealmeidaarquitetura.com
hidbatteries.com
print12580.com
realmartagent.com
tpsmg.com
mamapacho.com
rednetmarketing.com
syuan.xyz
floryi.com
photograph-gallery.com
devarajantraders.com
amarak-uniform.com
20190606.com
retailhutbd.net
craftbrewllc.com
myfreezic.com
crystalwiththecrystalz.com
ghallagherstudent.com
britishretailawards.com
thegoldenwork.com
dineztheunique.com
singlelookin.com
siyuanshe.com
apgfinancing.com
slicktechgadgets.com
wellemade.com
samytango.com
centaurme.com
shuairui.net
styleket.com
wpcfences.com
opolclothing.com
localiser.site
Targets
-
-
Target
Payment_Advice .doc
-
Size
631KB
-
MD5
02f8946d106c9da4187129f2eb0278b9
-
SHA1
b9fed8b99b334c1b0062093bfb42eb62e2d8e562
-
SHA256
f73c305a30ff01530c49c735e5c3b92b38248ecab0355b60d7e6e61eaebd398b
-
SHA512
1a0ae4cab6e69d08748a8d459133bc5109905565f430866004176097893e3b7b5e4b4c28bc4e7b23d99581b0cdf72074f036e86d5038809b8b781121379f2791
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-