General
Target: Purchase Order.xls
Size: 23KB
Sample: 210705-k1nbletc8s
MD5: 53db35996b20f92129431dfd33f25f13
SHA1: 21ff64bba77db0e7023b34e33685957cc29bc22c
SHA256: 98c8486c5aac678117a1d709b784da6a5f60024090c0cde14eaddb989fabf191
SHA512: 74951382ad50d6b9dfd63a5a801bf98fef142a5873b2ddf02a39795bc7ebf091f708495fd09a80601d510228eb42215380259a034df94b63b31cec7016ecfd40
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order.xls
Resource: win7v20210410
Malware Config
Extracted
formbook
4.1
http://www.tiktokblueprints.com/ea9e/
Targets
Target: Purchase Order.xls
Formbook Payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext