General
Target: AWB 6299764041.docx
Size: 10KB
Sample: 210607-t1xs577zma
MD5: 2b0e4d8173d2821108074af1834246e9
SHA1: e3db8590c3e52d79d2546746b96b528fb5d2533c
SHA256: ca54e569e23be1e43ce626c3c1deba8dd70d1820b574ea6851ada7c453c62d92
SHA512: d4542e2a25ffc2d60b35c2b25db4c859cb714e6a017a894d11f87ad5a22cb575d5f7fe6eaecab14bc3307cc6cbbe13bc811acebc87d6b483ae123929425aa9b0
Static task: static1
Behavioral task: behavioral1
Sample: AWB 6299764041.docx
Resource: win7v20210410
Behavioral task: behavioral2
Sample: AWB 6299764041.docx
Resource: win10v20210410
Malware Config
Extracted
http://37.120.206.70/buchi/b.wbk
Extracted
formbook
4.1
http://www.skindulgenceatl.com/lth/
Targets
Target: AWB 6299764041.docx
Formbook Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Abuses OpenXML format to download file from external location
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext