General
-
Target
QUOTATION#1100630004R2.doc
-
Size
54KB
-
Sample
210726-g114rbxz6n
-
MD5
a3336f2a85c572aab40243c347ebfe59
-
SHA1
f6b300530f6d294ea005b13ec08d881c9651f8af
-
SHA256
9604fbb0d387877ea857295c8b350e75d5adedc3907bc25f19baf16fff3b0d05
-
SHA512
b4a02c7df3537f861429346bd2813de9f89cdb18fb867b8f9eb140d6e2d190bf1a9ff33302e919c111b1e379ef09840c8c1c8289d7fb20fbe2fff4268ea085cf
Static task
static1
Behavioral task
behavioral1
Sample
QUOTATION#1100630004R2.doc
Resource
win7v20210410
Behavioral task
behavioral2
Sample
QUOTATION#1100630004R2.doc
Resource
win10v20210410
Malware Config
Extracted
formbook
4.1
http://www.containerflippers.com/np0c/
spartansurebets.com
threelakestradingco.com
metaspace.global
zjenbao.com
directlyincluded.press
peterchadri.com
learnhousebreaking.com
wonobattle.online
leadate.com
shebafarmscali.com
top4thejob.online
awakeyourfaith.com
bedford-st.com
lolwhats.com
cucurumbel.com
lokalbazaar.com
matter.pro
eastcountyanimalrescue.com
musesgirl.com
noordinarydairy.com
saigonstar2.com
farmacias-aranda.com
fjzzck.com
createandelevate.solutions
australiavapeoil.com
imperfectlymassabella.com
criminalmindeddesign.com
silverstoneca.com
scotlandpropertygroup.com
3dvbuild.com
privatebeautysuites.com
driplockerstore.com
rcdesigncompany.com
2141cascaderdsw.com
mybbblog.com
bodyambrosia.com
solitudeblog.com
coworkingofficespaces.com
9999cpa.com
flipwo.com
dynamicfitnesslife.store
anandsharmah.com
afyz-jf7y.net
erikagrandstaff.com
pumpfoil.com
bodurm.com
goldlifetime.com
a1organ.com
akomandr.com
hsavvysupply.com
dyvyn.com
bizlikeabosslady.network
livein.space
helpafounderout.com
orbmena.com
mrrodgersrealty.com
roxhomeswellington.com
klimareporter.com
1040fourthst405.com
blackbuiltbusinesses.com
solidswim.com
lordetkinlik3.com
gardencontainerbar.com
viperporn.net
Targets
-
-
Target
QUOTATION#1100630004R2.doc
-
Size
54KB
-
MD5
a3336f2a85c572aab40243c347ebfe59
-
SHA1
f6b300530f6d294ea005b13ec08d881c9651f8af
-
SHA256
9604fbb0d387877ea857295c8b350e75d5adedc3907bc25f19baf16fff3b0d05
-
SHA512
b4a02c7df3537f861429346bd2813de9f89cdb18fb867b8f9eb140d6e2d190bf1a9ff33302e919c111b1e379ef09840c8c1c8289d7fb20fbe2fff4268ea085cf
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-