General
-
Target
New Order.docx
-
Size
10KB
-
Sample
210722-fjvmbpnsq2
-
MD5
37440402e2f3bed12f391338cbd4fc12
-
SHA1
f28f9be236b1593f2f7da3ceb4b0478c96c7b0d0
-
SHA256
b5bcdc51fdaabc11a62e8401493b5fa24b6f4a350d597cc58a04cfc0dedefbfc
-
SHA512
468e045dcec4558ed25e25f0dae0fb99be55e300994ffc698e2cb6dfc0812c89d3a13a69e0fe0166d4f0a50891bcb1f65526122e8ae52b67056c937e25c7fa5a
Static task
static1
Behavioral task
behavioral1
Sample
New Order.docx
Resource
win7v20210410
Behavioral task
behavioral2
Sample
New Order.docx
Resource
win10v20210408
Malware Config
Extracted
https://hyp.ae/pGGoM
Extracted
formbook
4.1
http://www.bookkeeping32.com/p6ai/
Targets
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-