General

Target: cbac500e_by_Libranalysis
Size: 10KB
Sample: 210524-rt3lmlekhj
MD5: cbac500e2b86a16aa9b69b383db5e0e3
SHA1: 9c9ba06bf5beb997e91a6b802dbed8e031e0b4f0
SHA256: e8b956100179eb1c542cedd9f78bb8b9c9c89e5b1040aefdc65619756b0da8fd
SHA512: 15897af59d8e85e589f15339565e3cbedb95807c50d13c0cd5c32a9e99157335f3551bf1c4a57dcde322e04703a8e0a1a419ae9388a6a9d8ec346c7fdd94764d
Static task: static1

Behavioral task: behavioral1
Sample: cbac500e_by_Libranalysis.doc
Resource: win7v20210410

Behavioral task: behavioral2
Sample: cbac500e_by_Libranalysis.doc
Resource: win10v20210408
Malware Config

Extracted:
http://198.46.132.185/..-.-.-......................................................-...-/........................................................wbk

Extracted: formbook 4.1
http://www.unclechef.website/pmc/
poolbuilderhighlandpark.com
zgqcmrdswlw.com
rivalrepublic.net
vowseries.com
papmbeachcountymusic.com
unitedmarguisa.com
sparetimr.net
mmmfccynp.icu
blossom123.com
rkd6.com
luewhhedre.com
rwproducedeliveryknoxville.com
bqg5000.com
xn--jvrr98g37n88d.com
15slotozlo.site
experthairstylist.site
udalastar.com
avenstoredetailing.com
americanmicron.com
fineprintlaw.com
coolblue.digital
harfeakharkonkur.com
syinga-auto.com
tripmaker-japan.xyz
showtownapparel.com
daskonveyor.com
zibeicao.com
kirkvanpropertiesllc.info
sedekahbungkus.net
worldjpns.com
eagleswiftcourierservice.com
litbk.com
nextkineti.com
universallogisticvd.com
bowlesscottages.com
casey-key-real-estate.com
beamconcordlogistics.com
theaccountableteamscoach.com
cheikh-faye.com
adbhutrahsya.com
t-vcb.com
brikissell.com
organizingbypaty.com
zuisyoraku.com
inspiredpractice.net
nickstradi.pro
nelivo.com
expedientedurango.com
kasrax.com
thebespokelaboratory.com
riverwayfarm.com
adecquo.com
avizory.com
awaywegoo.com
mohamedsaad.net
abbbbha13.art
plazafaro.com
thetechnicalgeeks.com
confiercollection.com
msvpoa.com
centreatmillenniumpark.com
billboardnext.tech
sanfranciscoliving.info
cybernacle.website
Targets

Target: cbac500e_by_Libranalysis
Size: 10KB
MD5: cbac500e2b86a16aa9b69b383db5e0e3
SHA1: 9c9ba06bf5beb997e91a6b802dbed8e031e0b4f0
SHA256: e8b956100179eb1c542cedd9f78bb8b9c9c89e5b1040aefdc65619756b0da8fd
SHA512: 15897af59d8e85e589f15339565e3cbedb95807c50d13c0cd5c32a9e99157335f3551bf1c4a57dcde322e04703a8e0a1a419ae9388a6a9d8ec346c7fdd94764d
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext