General
-
Target
FLQ_1000572_SPL_20210651.xlsx
-
Size
8KB
-
Sample
210722-feaj9jach6
-
MD5
2a4289f7642ddc32ef9019a538946f62
-
SHA1
5d19318fbb1374b574cc576e97b456e383072808
-
SHA256
ed405158bb992eb55f067abb06b0285451c71e3db6b6910096608180d0c89b71
-
SHA512
e6fc202afa7167e1912f34430779b3a1e941229b8449e60b6690099b6656f346a888b89edd93d94d261ea5278026dd33ce03a3acf6e53d61cfe31a9de1fc4c1c
Static task
static1
Behavioral task
behavioral1
Sample
FLQ_1000572_SPL_20210651.xlsx
Resource
win7v20210408
Behavioral task
behavioral2
Sample
FLQ_1000572_SPL_20210651.xlsx
Resource
win10v20210408
Behavioral task
behavioral3
Sample
FLQ_1000572_SPL_20210651.xlsx
Resource
macos
Malware Config
Extracted
formbook
4.1
http://www.domoexpra.club/cg53/
Targets
-
-
Target
FLQ_1000572_SPL_20210651.xlsx
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-