General
Target: PO-ENQ_Order.Specification.docx.zip
Size: 7KB
Sample: 210613-erf2tmwkhe
MD5: f65b7fb5406a972a9403130b9c12d998
SHA1: 02cae68a3ae5c40f0526fc9bd06d36bd12b89b13
SHA256: 259389a85817e6f9e72e79ee57e13137fe2fc8e5a50de2555c14060fbc1e65b7
SHA512: 5edf25206e6395476938535c68d1624da5983d895d5534962d11defb44099fc2731a69bf88ed6af78c8c5a6efca4624be8f313e4eb806cf0e769ed894b9e1228
Static task: static1
Behavioral task: behavioral1
Sample: PO-ENQ_Order.Specification.docx
Resource: win7v20210408
Behavioral task: behavioral2
Sample: PO-ENQ_Order.Specification.docx
Resource: win10v20210410
Malware Config
Extracted: http://xy2.eu/e9yp
Extracted: formbook 4.1
http://www.dragonpalcenk.com/k8n/
Targets
Target: PO-ENQ_Order.Specification.docx
Size: 10KB
MD5: 92614cfd1b385cc6e38156a4ce269602
SHA1: b32113fc539912f706e55fefe7a91bb903e4d719
SHA256: 65a0e831a9a7680b0440a3afbfa71e6ddef2e2745301953e168a02ecf4d6d3d4
SHA512: eabf4df35bcbc0fdff14ae447690434d88653586038075c50aa1f09d6f1fb34e0df1486487e9a9abc1a5275eac6cee82a92f55deba37a5fe63493bba0a9f11dd
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext