General
Target: HANYUAN PROJECT SDN BHD _PRJ S2505.xlsx
Size: 1.2MB
Sample: 210727-whqy4z12ta
MD5: 7c5f2178cbddc544639af018ee27181b
SHA1: b587c5fe244c025ea92e8ec1e112da5a1d151084
SHA256: 7cb3ffa44654db626e5eaec3cf679ac8c4c033db7103fff7da4e8ccb4aacf797
SHA512: 69174a968a7920d5e258ef17b0f6a72000b9d074063a306e5642e1e3c05893e676382b3a6539f9e05151c6ce1718de19ab05580b03414f513fe90994570c1a84
Static task: static1
Behavioral task: behavioral1
Sample: HANYUAN PROJECT SDN BHD _PRJ S2505.xlsx
Resource: win7v20210408
Behavioral task: behavioral2
Sample: HANYUAN PROJECT SDN BHD _PRJ S2505.xlsx
Resource: win10v20210410
Malware Config (extracted)
Family: formbook 4.1
http://www.surreal-myzrael.com/z7a/
dotstories.xyz
egd-dz.com
caringhealthrecruit.com
transportdupont.com
teh-support.pro
catfad.com
pinewoodlakepool.net
pendekar-qq.info
duplicuty-garden.com
librtshop.com
stepmed.life
seatplusplus.com
bluzelle.money
weflew.xyz
bolaci.com
arrebatamentonews.com
sukesanblog.com
shadow-campaign.com
anpfiff.net
taste-of-poland.com
fortniting.com
hotels-congres.com
seven10sixty.com
sarahbeanfalo.net
qoslkkhqtg.net
balancewithdrjody.com
jinjulicm.com
vlccfixtures.com
formsautomationsolution.com
ssrinfo.com
viidegrees.com
blueskysites.com
asamedicalsystems.com
ukl.ink
energymanagerpro.com
teammcniffrealestate.com
ava.education
ericsmobileworkshop.com
top10shadetrees.com
renovialab.com
motorworld.rentals
delossantos4nc.com
kaisuo69.com
flyfishingdaily.com
easyhomeone.com
empeflix.com
firstfamilyofwdw.life
solevux.com
maycheer.store
unleashedword.com
supremenursery.com
stagenego.com
corona-massnahmengesetzii.info
adultwebmas.com
jackcockburn.com
ibalawyer.com
freeliving.xyz
cybersecuredad.com
virtualipassistant.com
800seyana.com
directlinestream.com
proprepflooring.com
kaustubhkokate.com
hoslergroup.com
Targets
Target: HANYUAN PROJECT SDN BHD _PRJ S2505.xlsx
suricata: ET MALWARE FormBook CnC Checkin (GET)
CustAttr .NET packer: Detects CustAttr .NET packer in memory.
Formbook Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext