General
- Target: Request for New Quote - Valve Ist Order.doc
- Size: 318KB
- Sample: 210430-ctxrj2x4te
- MD5: 7d80d39f97a6e35dfc339a44d4b76d5c
- SHA1: c3dc95cd79dbdac0012105f4eab82633f5261f66
- SHA256: 13340714da4aa2f3934591b6e845db59a99dbfbfcd948b96332e64378057453c
- SHA512: 762911be3b0669a521a3b4f12609d7d4a711dc5e8ace2ef3e1395bd9d4688d7fadc84a91c2f4373c7098b7175b2c7382ad9d969ab4f51e85b6b37fe281a3b12e
Static task: static1
Behavioral task: behavioral1
- Sample: Request for New Quote - Valve Ist Order.doc.rtf
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: Request for New Quote - Valve Ist Order.doc.rtf
- Resource: win10v20210410
Malware Config
- Extracted: formbook 4.1
Targets
- Target: Request for New Quote - Valve Ist Order.doc
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of SetThreadContext