General
Target: payment copy.xlsx
Size: 670KB
Sample: 210507-zjr2229h6a
MD5: aea58eb70601d6c06d73b14c047d2274
SHA1: 38a71f5ec2abe59a8fab0d13a46ac2a86ef0e2bf
SHA256: d4e1391a4c091eb93ee714ad3b7cb38363d1859c156a9c70d34f2176eb17af37
SHA512: 8d36fc594ce7622b34764cf39612265b687a3ee1d2d644f6aebcaf215379aa5820a52f3df37c899d9663cc8a843689b1e148854b96707fae69dfb9f23910a6fa
Static task: static1
Behavioral task: behavioral1
  Sample: payment copy.xlsx
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: payment copy.xlsx
  Resource: win10v20210410
Malware Config
Extracted: formbook 4.1
C2 URL: http://www.conciergedoctx.com/ot8m/
Targets
Target: payment copy.xlsx
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext