General

Target: PO5324DZ.xls
Size: 23KB
Sample: 210707-2q7mtn9y96
MD5: eda1c8dc942d56f20c214fd832fe035c
SHA1: b7f6558b27519fdc566d9a18022eeb1da1b5537c
SHA256: 7d1ae87aa9c4905b7ae19cbcc3723231b15c62426ef771358b476ce136fcf1c7
SHA512: cad4b620021cdb0ca0faa00a3134d70672c5c4448cf8bc11fecf33912aaf86334c592f9f2598587b79106a790867dab63fc4a47036b832a4113cd30e92e7f5dc

Static task: static1
Behavioral task: behavioral1
Sample: PO5324DZ.xls
Resource: win7v20210410
Malware Config

Extracted
Family: formbook
Version: 4.1
C2 URL: http://www.tiktokblueprints.com/ea9e/

Decoy domains (64): FormBook carries a list of decoy hosts next to the single configured C2 and generates traffic to them to mask the real one. Many of them are legitimate sites, so treat the list below as context for the sample, not as a block list; the URL above (host plus path) is the actionable network indicator.
yoga-fertilite.com
zcltlfsh.icu
aberdareroyalcottages.com
kawaiibobateahouse.com
311gang.com
coastalbreezecreations.com
globosimpresoss.com
ignitioniq.com
5gplaystation.com
marketopiniononline.com
martinstantondesigns.com
ksdhxtkpup4.net
findconscious.com
pure-tab.com
orderanthonysofskippack.com
findingthecurve.com
e-devletim.com
prosystemwebsite.com
travelbroom.com
sharpopinion.com
musclebuildingschool.com
prochoice-limo.com
xxgjmall.com
spoiltgirl.com
carpetcleaningmeridian.com
robertomiceli.com
leqi166.com
kaloncosmetx.com
siheontech.com
zunoki.com
egohui.pro
singjolt.com
shiqiangjn.com
ideaofis.com
wallet-invest.com
suitsnladders.com
pleasanthomestay.com
gametrue.online
sufferer-uncontroverted.info
riversidecahomes.com
kjfuli8.com
hottype.xyz
7958699.com
tijebei.com
animef.net
miraterratravel.com
lyon-de.com
psm-gen.com
discoveryaccess.xyz
nails-und-beauty.com
perfectkode.com
bieniek.one
1933ejaniceway.com
scholarlyleadership.com
alpinefloristnj.com
gsbkdz.com
vidtutor.com
willflosolutions.com
solongastheyfear.com
nexi-id.info
msglowrca.com
ulubeyismerkezi.com
valhallastables.net
coreadvices.com
Targets

Target: PO5324DZ.xls (same file as under General; hashes listed there)
Size: 23KB

Signatures:
Formbook Payload
Executes dropped EXE
Modifies Installed Components in the registry (Active Setup persistence: a key under Software\Microsoft\Active Setup\Installed Components, whose StubPath runs at the next user logon)
Suspicious use of SetThreadContext (rewriting the context of a thread in another process is the injection primitive behind process hollowing; together with the dropped EXE above it is consistent with FormBook unpacking into a separate process)
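The report above is a flattened key/value dump. The script below is an added example, not part of the report and not Triage's tooling: it parses this layout into structured fields, validates the digests, tiers the indicators (hashes and the C2 URL/host as actionable, the FormBook decoy domains as low-confidence context) and emits a Suricata rule for the C2 check-in. The embedded text is a constructed excerpt of the page (three of the 64 decoy domains kept); the rule shape and the SID 1000001 are the example's own choices.

```python
"""Parse a flattened Triage-style sandbox report into tiered IOCs.
Added example; the SAMPLE text is a constructed excerpt of the report above."""
import re
from urllib.parse import urlparse

SAMPLE = """General
-
Target
PO5324DZ.xls
Size
23KB
MD5
eda1c8dc942d56f20c214fd832fe035c
SHA1
b7f6558b27519fdc566d9a18022eeb1da1b5537c
SHA256
7d1ae87aa9c4905b7ae19cbcc3723231b15c62426ef771358b476ce136fcf1c7
SHA512
cad4b620021cdb0ca0faa00a3134d70672c5c4448cf8bc11fecf33912aaf86334c592f9f2598587b79106a790867dab63fc4a47036b832a4113cd30e92e7f5dc
Malware Config
Extracted
formbook
4.1
http://www.tiktokblueprints.com/ea9e/
yoga-fertilite.com
zcltlfsh.icu
aberdareroyalcottages.com
Targets
-
-
Target
PO5324DZ.xls
Size
23KB
-
Formbook Payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Suspicious use of SetThreadContext
"""

SECTIONS = {"General", "Static task", "Behavioral task", "Malware Config", "Targets"}
FIELD_KEYS = {"Target", "Size", "Sample", "Resource", "MD5", "SHA1", "SHA256", "SHA512"}
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_report(text):
    """Walk the key/value lines; '-' separators are layout only and are dropped."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    out = {"fields": {}, "signatures": [],
           "config": {"family": None, "version": None, "c2_url": None, "domains": []}}
    section, i = None, 0
    while i < len(lines):
        ln = lines[i]
        if ln in SECTIONS:
            section = ln
        elif section == "Malware Config":
            cfg = out["config"]
            if ln == "Extracted":
                pass
            elif cfg["family"] is None:
                cfg["family"] = ln
            elif cfg["version"] is None:
                cfg["version"] = ln
            elif "://" in ln:
                cfg["c2_url"] = ln          # the one entry with a path: the configured C2
            else:
                cfg["domains"].append(ln)   # bare hostnames that follow: the decoy list
        elif ln in FIELD_KEYS and i + 1 < len(lines):
            out["fields"].setdefault(ln, lines[i + 1])  # first value wins; Targets repeats them
            i += 1
        elif section == "Targets":
            out["signatures"].append(ln)    # anything else under Targets is a behaviour signature
        i += 1
    return out


def validate_hashes(fields):
    """True per digest only if it is lowercase hex of the expected length."""
    return {k: bool(re.fullmatch(rf"[0-9a-f]{{{n}}}", fields.get(k, ""))) for k, n in HEX_LEN.items()}


def build_indicators(report):
    """Tier the IOCs: digests and the C2 URL/host are actionable, decoys are context only."""
    f, cfg = report["fields"], report["config"]
    ioc = [{"type": k.lower(), "value": f[k], "confidence": "high"} for k in HEX_LEN if k in f]
    ioc.append({"type": "url", "value": cfg["c2_url"], "confidence": "high"})
    ioc.append({"type": "domain", "value": urlparse(cfg["c2_url"]).hostname, "confidence": "high"})
    for d in cfg["domains"]:
        ioc.append({"type": "domain", "value": d, "confidence": "low",
                    "note": "FormBook decoy; often a legitimate site, do not block on this alone"})
    return ioc


def suricata_rule(report, sid=1000001):
    """Alert on the check-in to the configured C2 host and path (Suricata 5+ HTTP keywords)."""
    cfg = report["config"]
    u = urlparse(cfg["c2_url"])
    return (f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"{cfg["family"]} {cfg["version"]} '
            f'C2 check-in {u.hostname}"; flow:established,to_server; http.host; '
            f'content:"{u.hostname}"; nocase; http.uri; content:"{u.path}"; sid:{sid}; rev:1;)')
```

Run against the full page text instead of the excerpt and `domains` holds all 64 decoys while the rule still keys only on the host and `/ea9e/` path; a rule built from the decoy list would fire on benign traffic to the legitimate sites in it.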