General
-
Target
SO.xlsm.com
-
Size
1000KB
-
Sample
210423-wt2wfrbnpn
-
MD5
1897e7a63a0424946e9274d83b405de2
-
SHA1
e15588e0c4ab4e12206e370b0b122b2b42ecf837
-
SHA256
b4751ea85e4bdc57c69f0dfd09e9622e31eb23bac589d7ee409eceaca56ea280
-
SHA512
66f07acbc89ff62dbdbed06efaaa7721f6bd46d9b94a86ba9f2bca3f5552977b8bd9ad375764036a8f6eaa6f74029dabd30e6602ab6f11a719eebec97338560e
Static task
static1
Behavioral task
behavioral1
Sample
SO.xlsm.com.exe
Resource
win7v20210410
Malware Config
Extracted
formbook
4.1
http://www.hollandhousedesigns.design/vns/
Targets
-
-
Target
SO.xlsm.com
-
Formbook Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-