General
Target: Order Specification.docx
Size: 10KB
Sample: 210615-s2ca36psbx
MD5: 67c8ecd6af15b24d8ada9142aa3bec6e
SHA1: f55c87f0da307e1049847b1f3cbfe90b541db063
SHA256: 9c9c3a88a1aed30e34abbae91f84f82d1777bcf303f8dabbbdc8330d2090febc
SHA512: 65efcd5e42ac1ad9e862666c1e12c6c111cf38e046944f34095b9d33922ac6a35e1fc4269d473b4f52c583d05377b9b0c94ecf7dcdea2bd4682880c30154a6ab
Static task: static1
Behavioral task: behavioral1 (Sample: Order Specification.docx, Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: Order Specification.docx, Resource: win10v20210408)
Malware Config
Extracted: http://0300.0003.0215.0244/ore/o.wbk
Extracted: formbook (version 4.1)
URL: http://www.dragonpalcenk.com/k8n/
Domains:
foxynailserie.com
thenoyzees.com
waterrising.xyz
allmister.com
theguyscave.com
erkitap.com
spyder-club.com
raskrutisam.com
giantledlights.com
wowbeautynails.com
youmovies.site
abjms.com
enso-solutions.com
seasonalcampgroundsmn.com
lukeprater.com
mufasacapital.com
idi360.com
mask-cleaner.com
aeruswilmde.com
venkatlifecoach.com
crochetandgabbana.com
onlineshreecollection.com
gwenythportillowightman.com
nexuspropertycare.com
progress.solutions
parkerut.com
achebones.com
jiazhengfu.com
chlamydiadeetz.com
thiele-concept.com
bayareataxattorney.com
geopainterdecorators.com
makemybuild.com
headsleepinstrument.online
finevinum.com
alphaworkoutgear.com
8765pk.com
rikonchat.com
gitchat.net
showy1.net
tellurideminer.com
triliumbrewing.com
fioriapartment.com
salubrigems.com
sctsmney.com
betgobar1.com
thomaspurcell.com
araket.com
parisfilmfestival.online
treepik.com
artemisnaturalhealing.com
littlehouseofhoarders.com
buyselllm.com
levnakava.com
mygolfbetter.com
vinlancer.com
beetalkmobile.press
gocampultralightmattress.com
direk99.net
nivxros.com
cbgdenver.com
datarock.net
docondemand.net
smithvilletexashistory.com
Targets
Target: Order Specification.docx
Size: 10KB
MD5: 67c8ecd6af15b24d8ada9142aa3bec6e
SHA1: f55c87f0da307e1049847b1f3cbfe90b541db063
SHA256: 9c9c3a88a1aed30e34abbae91f84f82d1777bcf303f8dabbbdc8330d2090febc
SHA512: 65efcd5e42ac1ad9e862666c1e12c6c111cf38e046944f34095b9d33922ac6a35e1fc4269d473b4f52c583d05377b9b0c94ecf7dcdea2bd4682880c30154a6ab
Signatures:
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext