General
Target: RFQ 01060021 Inquiry List.docx
Size: 10KB
Sample: 210602-3nc9ybg4ea
MD5: 19a53f5dc55103effe8f1bf1857050e9
SHA1: f83c39a10dc491b209e299dd81b3dd92149e82cc
SHA256: f894b45c87c689c51c77e76af7899fbfd99f02c3ee0dabb638612f1872acccfb
SHA512: d34849e85b86c16429c214d6734a1c2b3b09a212382aa1f866bcb7ff7e2e268b711b8ca194e10f60fc46fb8b05f19ae0abc99d5de0513373d7a4ab6abf2dd7d4
Static task
static1
Behavioral task
behavioral1
Sample
RFQ 01060021 Inquiry List.docx
Resource
win7v20210408
Behavioral task
behavioral2
Sample
RFQ 01060021 Inquiry List.docx
Resource
win10v20210408
Malware Config
Extracted
http://bit.do/fQV8b
Extracted
formbook
4.1
http://www.mpaiji.com/c244/
Targets
-
-
Target
RFQ 01060021 Inquiry List.docx
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-