General
- Target: Inquiry B86001 -02.xlsx
- Size: 1.3MB
- Sample: 210723-th6dsmfhzx
- MD5: 73d8612bfebed68769e3d0b1c7948768
- SHA1: 2e834dec54bdd6ec6f3bb93b6d4375865c4cab22
- SHA256: 723add57f8e5a282f96536d54ff4223b84f5e7cd1cb259762628fea45b5c7b2e
- SHA512: bbd21068318b1ff17c1944447a9e4ab67d70aea9097feaa11014ece4f6a75b955924b30b7d5c876b5cc314302baf8cf04d7953baedcce43e1d034471f4486020
Static task: static1
Behavioral task: behavioral1 (Sample: Inquiry B86001 -02.xlsx, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: Inquiry B86001 -02.xlsx, Resource: win10v20210410)
Malware Config
Extracted: formbook 4.1
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext