General
Target: 0700621 Data Sheet.docx
Size: 10KB
Sample: 210607-asprthecv2
MD5: ce3c47a32607544859c503e2a404a841
SHA1: fc824648b8128adc8cf8dd819412ee2f547a823b
SHA256: e9c14d81bef016087ae43bdb90b0ad87fad97c711b8972a06742480b6f2e94cf
SHA512: 130534e947ff234e0888042ae4526aa08ab542622ee6050eea6f8d2c7723c1bc127910fca62b9b1f34f3ba9f2145f8606fbf1a26619c35d0878837aa5f7b9d22
Static task: static1
Behavioral task: behavioral1
Sample: 0700621 Data Sheet.docx
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 0700621 Data Sheet.docx
Resource: win10v20210410
Malware Config
Extracted
http://172.245.119.81/.----------------------.------------------------------.-/v.wbk
Extracted
formbook
4.1
http://www.mpaiji.com/c244/
Targets
Target
0700621 Data Sheet.docx
Formbook Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Abuses OpenXML format to download file from external location
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext