General
Target: PURCHASE_ORDER.XSPECIFICATION_LW1911456.docx
Size: 10KB
Sample: 210602-s2d9p2apdx
MD5: 91ebd2c17dfc34165107775a60332096
SHA1: edd129796c2b2125b1cbb49fee200ca8bdf55019
SHA256: c15791f597e2f2d7404aedb05f0709a6254a4177113cde88809eb58e01e75d0b
SHA512: d689a521f82fa0cf5882b70a24a2a4395d211fe26f6391562faa714876c8133191272d8deed130e35c99d35baa86e45187c0ae0a151f23ce8cf92134debeec33
Static task: static1
Behavioral task: behavioral1
Sample: PURCHASE_ORDER.XSPECIFICATION_LW1911456.docx
Resource: win7v20210408
Behavioral task: behavioral2
Sample: PURCHASE_ORDER.XSPECIFICATION_LW1911456.docx
Resource: win10v20210410
Malware Config
Extracted: http://79.110.52.186/presh/p.wbk
Extracted: formbook 4.1
http://www.dragonpalcenk.com/k8n/
foxynailserie.com
thenoyzees.com
waterrising.xyz
allmister.com
theguyscave.com
erkitap.com
spyder-club.com
raskrutisam.com
giantledlights.com
wowbeautynails.com
youmovies.site
abjms.com
enso-solutions.com
seasonalcampgroundsmn.com
lukeprater.com
mufasacapital.com
idi360.com
mask-cleaner.com
aeruswilmde.com
venkatlifecoach.com
crochetandgabbana.com
onlineshreecollection.com
gwenythportillowightman.com
nexuspropertycare.com
progress.solutions
parkerut.com
achebones.com
jiazhengfu.com
chlamydiadeetz.com
thiele-concept.com
bayareataxattorney.com
geopainterdecorators.com
makemybuild.com
headsleepinstrument.online
finevinum.com
alphaworkoutgear.com
8765pk.com
rikonchat.com
gitchat.net
showy1.net
tellurideminer.com
triliumbrewing.com
fioriapartment.com
salubrigems.com
sctsmney.com
betgobar1.com
thomaspurcell.com
araket.com
parisfilmfestival.online
treepik.com
artemisnaturalhealing.com
littlehouseofhoarders.com
buyselllm.com
levnakava.com
mygolfbetter.com
vinlancer.com
beetalkmobile.press
gocampultralightmattress.com
direk99.net
nivxros.com
cbgdenver.com
datarock.net
docondemand.net
smithvilletexashistory.com
Targets
Target: PURCHASE_ORDER.XSPECIFICATION_LW1911456.docx
Size: 10KB
MD5: 91ebd2c17dfc34165107775a60332096
SHA1: edd129796c2b2125b1cbb49fee200ca8bdf55019
SHA256: c15791f597e2f2d7404aedb05f0709a6254a4177113cde88809eb58e01e75d0b
SHA512: d689a521f82fa0cf5882b70a24a2a4395d211fe26f6391562faa714876c8133191272d8deed130e35c99d35baa86e45187c0ae0a151f23ce8cf92134debeec33
Signatures
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext