General
Target: PO202107.xls
Size: 23KB
Sample: 210719-rr8qgrw2xx
MD5: c9123fe2a9ea247a974641a32940335b
SHA1: 13c5be04c9afceb11892f27767d7bc45c33b4b9c
SHA256: bf19534d31541387c22c69963c679114bac4315d83e1dd3dc7b775b7dd377658
SHA512: a87babeac9c10faa19d638b7f02551eeab7f17b2f482bdf1a797d616b52995b5e326758a32d7a1418baab596ff1dfecf142dcd1ab8ca6cd8386c863f8984ba0c
Static task: static1
Behavioral task: behavioral1
Sample: PO202107.xls
Resource: win7v20210408
Malware Config
Extracted
Family: formbook
Version: 4.1
C2 URL: http://www.tiktokblueprints.com/ea9e/
Decoy domains (64):
yoga-fertilite.com
zcltlfsh.icu
aberdareroyalcottages.com
kawaiibobateahouse.com
311gang.com
coastalbreezecreations.com
globosimpresoss.com
ignitioniq.com
5gplaystation.com
marketopiniononline.com
martinstantondesigns.com
ksdhxtkpup4.net
findconscious.com
pure-tab.com
orderanthonysofskippack.com
findingthecurve.com
e-devletim.com
prosystemwebsite.com
travelbroom.com
sharpopinion.com
musclebuildingschool.com
prochoice-limo.com
xxgjmall.com
spoiltgirl.com
carpetcleaningmeridian.com
robertomiceli.com
leqi166.com
kaloncosmetx.com
siheontech.com
zunoki.com
egohui.pro
singjolt.com
shiqiangjn.com
ideaofis.com
wallet-invest.com
suitsnladders.com
pleasanthomestay.com
gametrue.online
sufferer-uncontroverted.info
riversidecahomes.com
kjfuli8.com
hottype.xyz
7958699.com
tijebei.com
animef.net
miraterratravel.com
lyon-de.com
psm-gen.com
discoveryaccess.xyz
nails-und-beauty.com
perfectkode.com
bieniek.one
1933ejaniceway.com
scholarlyleadership.com
alpinefloristnj.com
gsbkdz.com
vidtutor.com
willflosolutions.com
solongastheyfear.com
nexi-id.info
msglowrca.com
ulubeyismerkezi.com
valhallastables.net
coreadvices.com
Targets
Target: PO202107.xls
Size: 23KB
MD5: c9123fe2a9ea247a974641a32940335b
SHA1: 13c5be04c9afceb11892f27767d7bc45c33b4b9c
SHA256: bf19534d31541387c22c69963c679114bac4315d83e1dd3dc7b775b7dd377658
SHA512: a87babeac9c10faa19d638b7f02551eeab7f17b2f482bdf1a797d616b52995b5e326758a32d7a1418baab596ff1dfecf142dcd1ab8ca6cd8386c863f8984ba0c
Signatures:
Formbook Payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
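Turning this report into something checkable, as an added example that is not part of the sandbox output: the script below verifies a file against the digests listed above, splits the extracted Formbook config into the C2 (the one entry with a scheme and path) and the bare decoy domains, and scores requests in a proxy log against both. It assumes the usual Formbook config layout (one C2 URL followed by decoy domains, which the sample contacts as cover traffic), a simplified one-line-per-request proxy log format constructed here, and constructed log lines and file bytes; none of those come from the report.

```python
"""Check sample hashes and hunt for the extracted Formbook C2/decoys in a proxy log.

Added example. Hash and config values are copied from the report above; the
log lines, the log format and the file bytes are constructed for illustration.
"""
import hashlib
import re
from urllib.parse import urlparse

# Digests as reported for PO202107.xls.
REPORTED_HASHES = {
    "md5": "c9123fe2a9ea247a974641a32940335b",
    "sha1": "13c5be04c9afceb11892f27767d7bc45c33b4b9c",
    "sha256": "bf19534d31541387c22c69963c679114bac4315d83e1dd3dc7b775b7dd377658",
    "sha512": "a87babeac9c10faa19d638b7f02551eeab7f17b2f482bdf1a797d616b52995b5e32"
              "6758a32d7a1418baab596ff1dfecf142dcd1ab8ca6cd8386c863f8984ba0c",
}

# Extracted config as it appears on the page (decoy list truncated here;
# the report carries 64 decoys). Assumed layout: one C2 URL, then decoys.
FORMBOOK_CONFIG = """\
http://www.tiktokblueprints.com/ea9e/
yoga-fertilite.com
zcltlfsh.icu
aberdareroyalcottages.com
"""

# Constructed proxy log: "<timestamp> <client> <method> <url>".
SAMPLE_LOG = [
    "2021-07-19T10:01:02Z 10.0.0.5 GET http://www.tiktokblueprints.com/ea9e/?id=abc",
    "2021-07-19T10:01:09Z 10.0.0.5 POST http://www.yoga-fertilite.com/ea9e/",
    "2021-07-19T10:02:00Z 10.0.0.7 GET http://example.org/index.html",
    "2021-07-19T10:02:30Z 10.0.0.5 GET http://tiktokblueprints.com/",
]

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+)")


def norm_host(host):
    """Lowercase and drop a leading 'www.' so config and log hosts compare equal."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def check_hashes(data: bytes, expected: dict) -> dict:
    """Return {algo: (expected, actual)} for every digest that does not match.

    An empty dict means every listed digest matched; checking all four guards
    against a report whose hashes were copied from different files.
    """
    mismatches = {}
    for algo, want in expected.items():
        got = hashlib.new(algo, data).hexdigest()
        if got != want.lower():
            mismatches[algo] = (want.lower(), got)
    return mismatches


def parse_formbook_config(text: str) -> dict:
    """Split the extracted config into the C2 host/path and the decoy set."""
    c2 = None
    decoys = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if "://" in line:          # only the C2 carries a scheme and a path
            c2 = urlparse(line)
        else:
            decoys.add(norm_host(line))
    if c2 is None:
        raise ValueError("no C2 URL in config")
    return {"c2_host": norm_host(c2.hostname), "c2_path": c2.path, "decoys": decoys}


def match_proxy_log(lines, iocs):
    """Return (severity, client, host) for each request touching an IOC host.

    C2 host under its configured path is 'high'; C2 host elsewhere is 'medium';
    decoys are 'low' because Formbook contacts them as cover and they are
    otherwise legitimate sites, so a decoy hit alone is weak evidence.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        u = urlparse(m["url"])
        host = norm_host(u.hostname)
        if host == iocs["c2_host"]:
            sev = "high" if u.path.startswith(iocs["c2_path"]) else "medium"
        elif host in iocs["decoys"]:
            sev = "low"
        else:
            continue
        hits.append((sev, m["src"], host))
    return hits


if __name__ == "__main__":
    iocs = parse_formbook_config(FORMBOOK_CONFIG)
    for hit in match_proxy_log(SAMPLE_LOG, iocs):
        print(*hit)
    print("hash mismatches for an empty file:", sorted(check_hashes(b"", REPORTED_HASHES)))
```

A client that hits the C2 host under /ea9e/ and several decoys within seconds is the pattern to pivot on; the decoy domains on their own belong on a watchlist, not a blocklist.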