General
Target: Payment Confirmation.doc
Size: 57KB
Sample: 210723-jvq3fjy6ca
MD5: 88b8c238ca748c1b5c056364acac3336
SHA1: cf99d9a1d8252b87797124561a08d35a4f254946
SHA256: 769f5f59dbd758fbad94b0b7fb84afd003f87b00e5991a239ecd562c51ee991f
SHA512: 26b850ab74da2cae5739d67d277b73db1e9a0cc48b4cfb3442465de0004212735012e74ede837d763112718853abe3b513358a3de9e6e7fd86cf2d9d18058c84
Static task: static1
Behavioral task: behavioral1
  Sample: Payment Confirmation.doc
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: Payment Confirmation.doc
  Resource: win10v20210408
Malware Config
Extracted: formbook 4.1
http://www.meilleurspromo.com/lmsa/
Targets
Target: Payment Confirmation.doc
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext