General
-
Target
Reliance Trading Pvt. Ltd. List.docx
-
Size
10KB
-
Sample
210624-1myan5sx2x
-
MD5
8312b5bab2f19b01e2a1a12744a7464e
-
SHA1
076df8e460f965cd7b30fb07cdd06e90654417ec
-
SHA256
2bb1e6d0bcc6af940f0835a269b1ad99f8420207ba2f87c6f789219f8186559f
-
SHA512
5236b8461c9bb6af273c85f26905552a06977a1d58f2ff104f416bae996d3838b4ca76b037716aeb39936de0c79854e88c58cca5c17362e9836ccd097879e5f1
Static task
static1
Behavioral task
behavioral1
Sample
Reliance Trading Pvt. Ltd. List.docx
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Reliance Trading Pvt. Ltd. List.docx
Resource
win10v20210408
Malware Config
Extracted
http://198.12.91.160/--...........................................------..................--------/......................wiz
Extracted
formbook
4.1
http://www.mpaiji.com/c244/
Targets
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-