General
- Target: INV2021-20800.docx
- Size: 10KB
- Sample: 210622-f21fh3kd4e
- MD5: 6c1c7232217cf3ac24711d9d5588126d
- SHA1: 03900482a118b894b2a5154dba552a543ccb7eb3
- SHA256: 040ce819e4f59dd7803e3c75da71048dd8fcf3b28f840889562fd55b6e3f74f2
- SHA512: fb792cb769fb519529fa5029fbef1aef286ce30d9defaf698d4b5450965854b563e36e46b852f4a7df9f0fcc60ed4185b7b23c245dba0e7529ce57cf9dabf8e2
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: INV2021-20800.docx; Resource: win7v20210410)
- Behavioral task: behavioral2 (Sample: INV2021-20800.docx; Resource: win10v20210410)
Malware Config
- Extracted: https://itsssl.com/jBbhJ
- Extracted: formbook 4.1, http://www.rocketschool.net/nf2/
Targets
- Target: INV2021-20800.docx (10KB; hashes as listed under General)
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext