General
Target: 2021.07.26 - PO 0452649743 - F0578EU50.xlsx
Size: 798KB
Sample: 210726-d1yyc38gl2
MD5: 2396108f9695e2126edb1aada8d9b866
SHA1: 60d64e3ff8a7b763eb839b4910f4935ecbf58aa2
SHA256: 7016c73c98597d430d0f64339ea0f00e89e19b23ab633195251a099dd7b86e87
SHA512: 1d9373dad84fac6242f74ef99e684b8c227f563f4fa8d380b68d7653d787f3efa461bf9d639157c18d18bf57b3587aca5c5bfd10b33355a01ae0427788acddb6
Static task: static1
Behavioral task: behavioral1
Sample: 2021.07.26 - PO 0452649743 - F0578EU50.xlsx
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 2021.07.26 - PO 0452649743 - F0578EU50.xlsx
Resource: win10v20210408
Malware Config
Extracted: formbook 4.1
http://www.dongshengjunyao.com/b2dn/
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext