General
Target: Refno.191938.xlsx
Size: 319KB
Sample: 210504-5fzej9aaz2
MD5: a6ea0794f2791f9f2bdfcdb467122e6b
SHA1: 83815a1977485c3fabdd49c91926d0482e3b78e1
SHA256: db692f9512b08149089a9d7295a04633f22944d87f2bfe53ae00d2c55f7502ca
SHA512: 8e9d56848c8e9dc03676348ebc0b57b650cfe4a8c61d1d8825b68e7989f29eb83509e9a1d5d35fcdf9e81e1ddcd8ed6a80d7a947e5906965f9d42f89f7d6fc6d
Static task: static1
Behavioral task: behavioral1 (Sample: Refno.191938.xlsx, Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: Refno.191938.xlsx, Resource: win10v20210410)
Malware Config
Extracted: formbook
Version: 4.1
C2: http://www.mvcsecrets.com/op9s/
Decoy domains (Formbook mixes traffic to these in with the real C2 so the live server is harder to pick out of a capture):
uscoser.club
gustrad.com
sowftwer.com
psychicpatrol.com
lmouowgoaa.com
riandmoara.com
sushigardentogo.com
cannabimall.com
ecolodgesworld.com
mysandboxcsp.com
coxsmobility.com
sfs-distribution.info
tymict.com
u-bahn.online
chrisjohnsondrums.com
comfyscoffee.com
eastwoodlearningcenter.com
a-authenticate.com
greatroyalspices.com
legalparaprofessionalonline.com
cnn24.site
servinguprichard.com
kongtiaodz.com
priminerw.com
intrateknik.com
arabiangulfgames.com
berkona.com
herbaquni.com
aluarte.info
wuxkfowev.icu
digitalneeds.tech
practisepractice.com
upgradeindonesia.com
designinject.com
chinahousecoralville.com
clubliakinder.com
sialkot.city
evgreen.fund
crg-construction.com
rikrakprod.com
classsnk.com
e-motionaligner.com
beautyblissshops.com
pickyourprice.club
kraekratom.com
digitexz.online
drburcindemirel.com
thisislisajones.com
bridge-the-mind.net
skincodemtblo.com
elayathemodel.com
reinboge.net
banks-in-cambodia.com
earthkeepforum.com
vbyvictorious.com
vyne.net
bearring.info
jndaohang.com
iandautomation.com
puteraizman.com
earthlyangelshomecare.com
jumlasx.xyz
holdergear.com
bmwsns.com
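The extracted config is the most actionable part of the report: one C2 URL and a long decoy list that will all show up in DNS and HTTP logs. As an added example (not part of the sandbox report), the Python below parses that flat block into family, version, C2 URL and decoys, emits one Suricata rule per indicator, and checks a file's digests against the four hashes listed under General. REPORT_EXCERPT is a shortened copy of the config above (four of the 64 decoys); the SID range, the rule message texts and the stand-in bytes fed to the hash check are assumptions.

```python
"""Turn the sandbox's extracted Formbook config into checkable IOCs.

Added example, not part of the report: parses the flat "Malware Config"
dump, emits Suricata rules for the C2 URL and the decoy domains, and
checks a file's digests against the hashes published above.
"""
import hashlib
import re
from urllib.parse import urlparse

# Shortened copy of the report's config block (4 of the 64 decoy domains).
REPORT_EXCERPT = """Malware Config
Extracted
formbook
4.1
http://www.mvcsecrets.com/op9s/
uscoser.club
gustrad.com
sowftwer.com
psychicpatrol.com
"""

# Digests of Refno.191938.xlsx as listed in the report.
REPORT_HASHES = {
    "md5": "a6ea0794f2791f9f2bdfcdb467122e6b",
    "sha1": "83815a1977485c3fabdd49c91926d0482e3b78e1",
    "sha256": "db692f9512b08149089a9d7295a04633f22944d87f2bfe53ae00d2c55f7502ca",
    "sha512": "8e9d56848c8e9dc03676348ebc0b57b650cfe4a8c61d1d8825b68e7989f29eb8"
              "3509e9a1d5d35fcdf9e81e1ddcd8ed6a80d7a947e5906965f9d42f89f7d6fc6d",
}

DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.I)
VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_formbook_config(text):
    """Split the flat dump into family, version, C2 URL(s) and decoy domains.

    Layout assumed (matches the report): the line after "Extracted" is the
    family, then the version, then one or more URLs, then bare domains until
    the next report section.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if "Extracted" not in lines:
        raise ValueError("no 'Extracted' marker in config block")
    body = lines[lines.index("Extracted") + 1:]
    cfg = {"family": body[0].lower(), "version": None, "c2": [], "decoys": []}
    for line in body[1:]:
        if VERSION_RE.match(line):
            cfg["version"] = line
        elif line.lower().startswith(("http://", "https://")):
            cfg["c2"].append(line)
        elif DOMAIN_RE.match(line):
            cfg["decoys"].append(line.lower())
        else:
            break  # reached the next section (e.g. "Targets")
    return cfg


def suricata_rules(cfg, base_sid=9000001):
    """One HTTP rule per C2 URL (host + URI prefix), one DNS rule per decoy.

    base_sid is an assumption: pick a range that is free in your ruleset.
    """
    tag = f"{cfg['family']} {cfg['version'] or ''}".strip()
    rules, sid = [], base_sid
    for url in cfg["c2"]:
        u = urlparse(url)
        rules.append(
            f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"{tag} C2 {u.hostname}"; '
            f'flow:established,to_server; http.host; content:"{u.hostname}"; nocase; '
            f'http.uri; content:"{u.path}"; startswith; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')
        sid += 1
    for dom in cfg["decoys"]:
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"{tag} decoy/C2 lookup {dom}"; '
            f'dns.query; content:"{dom}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')
        sid += 1
    return rules


def hashes_of(data):
    """MD5/SHA1/SHA256/SHA512 of the given bytes, keyed like REPORT_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def hash_mismatches(data, expected):
    """Algorithms whose digest of `data` differs from `expected`.

    An empty list means the bytes are the sample the report describes; any
    single mismatch means you are not looking at that file.
    """
    got = hashes_of(data)
    return sorted(alg for alg, digest in expected.items() if got[alg] != digest.lower())


if __name__ == "__main__":
    cfg = parse_formbook_config(REPORT_EXCERPT)
    print("\n".join(suricata_rules(cfg)))
    # Constructed stand-in: the real sample is not shipped with this page.
    print(hash_mismatches(b"not Refno.191938.xlsx", REPORT_HASHES))
```

Run it against the full 64-domain block by pasting the whole "Malware Config" section into REPORT_EXCERPT; the decoy rules are deliberately separate from the C2 rule so you can weight a hit on www.mvcsecrets.com/op9s/ higher than a lookup of one decoy, which the bot generates in bulk.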
Targets
Target: Refno.191938.xlsx
Signatures
Formbook Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution (vbc.exe, the Microsoft-signed .NET Visual Basic compiler, which loaders of this family run as a host process rather than to compile anything)
Suspicious use of SetThreadContext (the API used to redirect a thread in process hollowing and thread-hijacking injection)
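The signature names above map directly onto host telemetry. As an added example (not sandbox output), the Python below runs detection logic for four of them over constructed Sysmon-style records: a PE written to a user-writable path and later executed or loaded (Executes dropped EXE, Loads dropped DLL), vbc.exe launched outside a build toolchain (Uses the VBS compiler for execution), and a network connection from a process that has no business making one or to a host from the extracted config (Blocklisted process makes network request). The event paths, the parent/child chain and the blocklist and build-parent sets are assumptions; the SetThreadContext signature has no Sysmon counterpart and is not modelled.

```python
"""Detection logic for the behavioural signatures listed above.

Added example, not sandbox output: the EVENTS below are constructed
Sysmon-style records (IDs 1, 3, 7, 11) shaped to trigger four of the
signatures. Paths, hostnames and the parent/child chain are assumptions;
"Suspicious use of SetThreadContext" has no Sysmon counterpart and is
not modelled here.
"""
import ntpath

# Hosts taken from the report's extracted config.
KNOWN_BAD_HOSTS = {"www.mvcsecrets.com", "uscoser.club", "gustrad.com"}
# Images that should never originate network traffic (assumed blocklist).
BLOCKLISTED_IMAGES = {"vbc.exe"}
# Parents under which vbc.exe is legitimate (assumed tuning list).
BUILD_PARENTS = {"msbuild.exe", "devenv.exe", "vbcscompiler.exe"}
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

EVENTS = [  # constructed telemetry, not from the sandbox run
    {"EventID": 11, "Image": r"C:\Users\victim\AppData\Local\Temp\stage1.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\drop.exe"},
    {"EventID": 11, "Image": r"C:\Users\victim\AppData\Local\Temp\stage1.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\helper.dll"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Roaming\drop.exe",
     "ParentImage": r"C:\Users\victim\AppData\Local\Temp\stage1.exe"},
    {"EventID": 7, "Image": r"C:\Users\victim\AppData\Roaming\drop.exe",
     "ImageLoaded": r"C:\Users\victim\AppData\Roaming\helper.dll"},
    {"EventID": 1, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Users\victim\AppData\Roaming\drop.exe"},
    {"EventID": 3, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "DestinationHostname": "www.mvcsecrets.com"},
    # Benign noise that must not alert: a real build spawning vbc.exe, a browser.
    {"EventID": 1, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\MSBuild\MSBuild.exe"},
    {"EventID": 3, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationHostname": "example.com"},
]


def _base(path):
    return ntpath.basename(path or "").lower()


def detect(events, bad_hosts=KNOWN_BAD_HOSTS, blocklist=BLOCKLISTED_IMAGES):
    """Return (signature, detail) pairs in event order.

    Tracks PE files written to user-writable paths so later process-create
    (ID 1) and image-load (ID 7) events can be tied back to the drop.
    """
    dropped, alerts = set(), []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            target = ev["TargetFilename"].lower()
            if target.endswith((".exe", ".dll")) and any(p in target for p in USER_WRITABLE):
                dropped.add(target)
        elif eid == 1:
            image = ev["Image"].lower()
            if image in dropped:
                alerts.append(("executes_dropped_exe", image))
            if _base(image) == "vbc.exe" and _base(ev.get("ParentImage")) not in BUILD_PARENTS:
                alerts.append(("vbs_compiler_execution", ev.get("ParentImage")))
        elif eid == 7:
            loaded = ev["ImageLoaded"].lower()
            if loaded in dropped:
                alerts.append(("loads_dropped_dll", loaded))
        elif eid == 3:
            host = ev["DestinationHostname"].lower()
            if _base(ev["Image"]) in blocklist or host in bad_hosts:
                alerts.append(("blocklisted_process_network", f"{_base(ev['Image'])} -> {host}"))
    return alerts


if __name__ == "__main__":
    for sig, detail in detect(EVENTS):
        print(f"{sig:32} {detail}")
```

The dropped-file state is what makes the EXE/DLL rules useful: a lone process-create from AppData is noisy, but a process-create whose image was written minutes earlier by another process in the same user profile is much closer to the "Executes dropped EXE" behaviour the sandbox flagged. Extend KNOWN_BAD_HOSTS with the full decoy list from the config to catch the bot's filler traffic as well.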