General
Target: PO-829ARTS-PI 2021-7-17.xlsx
Size: 1.1MB
Sample: 210728-ad2d79vdw6
MD5: ba24c9c748b75fb64abc01cc6c18ed81
SHA1: a08173593973d23242ad28722cf60924f77fdcff
SHA256: 25cf0d59c10c48159f55b2ed560b6f3974f5b007b9b4bb31b9cfd5e33ca0bd09
SHA512: 2536da0aacd37188278d31205b912096d37e9c62cb9247cae0e15d7999ec02ab9697db71b72c3e188e07240064bae77d584606cf9f3c3746bdadabd59177528d
Static task: static1
Behavioral task: behavioral1 (Sample: PO-829ARTS-PI 2021-7-17.xlsx; Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: PO-829ARTS-PI 2021-7-17.xlsx; Resource: win10v20210410)
Malware Config
Extracted
Family: formbook
Version: 4.1
C2: http://www.fortmyerscruisevacation.com/dd2v/
Decoy domains:
jkrqzmeyd.icu
cbluedottvwdshop.com
yhchen.space
premierhealthnwellness.com
szkuyaju.com
harvestmoonloans.net
dadematerial.com
mariaclarahairstudio.com
hwunvy.online
puloutjbmere.com
kossu1989.com
dubbedos.com
ncylis.com
hybrid-sol.com
travelature.com
gracefulcounts.com
66secretgarden.com
eslonyourcell.com
wisersponsorship.com
sepn3.com
mozambiquematrimony.com
valvulasyconexiones.com
drinksupercofee.com
universe-direct.com
alvesdeabreu.info
sitepew.life
tentenflower.net
jqclean.com
lotusinplay247.com
safaricaretransportation.com
bosscheschool.com
rentahome.online
syeddropship.com
dsavohv.icu
mainspaceforcontenting.club
onlinemedsus.com
getueaqaredre.com
raregirlgem.net
cohenone.com
luxsot.com
levelupbbqcleaning.com
bttjagalan.xyz
nisheying.com
2299diamond301.com
soilfoodwebofcolorado.com
postcomanetwork.com
directivewellness.com
adewalesolarin-maths.com
kumarendran.com
wgan3rdpartyserviceprovider.com
kidsclothing.center
lielm.com
codebcodeenforcement.net
cash4monero.com
greatlookingmom.com
laconices.com
q99f.com
olimpobarberiaspa.com
urockoffroad.com
bestselfcoachingforfitpros.com
collectionbypaty.com
hindustanpu.com
atlerz.com
strategyonerealty.com
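The extracted config is a single live C2 URL plus a list of decoy domains; a FormBook bot sends check-in traffic to the decoys as well as to the real C2, so every domain in the list is a usable network indicator. The script below is an added example (not Triage output and not part of the sample's own code) that turns the config into a DNS hunt: it normalises the C2 host and a subset of the decoy domains from the config above into a watchlist, then flags any client in a constructed DNS log that either resolved the C2 host or queried several watched domains inside a short window. The log format, the client IPs and the three-domain/ten-minute thresholds are assumptions made for the example.

```python
"""Hunt DNS logs for endpoints contacting this sample's FormBook config domains.

Added example, not part of the sandbox report. Only the C2 URL and a subset
of the decoy domains come from the report; the log lines are constructed.
"""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# C2 URL exactly as extracted from the sample (see Malware Config above).
C2_URL = "http://www.fortmyerscruisevacation.com/dd2v/"

# Subset of the 64 decoy domains from the extracted config (full list above).
DECOY_DOMAINS = [
    "jkrqzmeyd.icu",
    "cbluedottvwdshop.com",
    "yhchen.space",
    "premierhealthnwellness.com",
    "harvestmoonloans.net",
    "dubbedos.com",
    "cash4monero.com",
    "strategyonerealty.com",
]

# Constructed DNS log: "<iso-timestamp> <client-ip> <query-name>" (assumed format).
SAMPLE_DNS_LOG = """\
2021-07-28T09:00:01 10.0.0.12 www.fortmyerscruisevacation.com
2021-07-28T09:00:04 10.0.0.12 jkrqzmeyd.icu
2021-07-28T09:00:09 10.0.0.12 yhchen.space
2021-07-28T09:00:14 10.0.0.12 dubbedos.com
2021-07-28T09:03:20 10.0.0.37 harvestmoonloans.net
2021-07-28T11:45:00 10.0.0.37 cash4monero.com
2021-07-28T09:05:00 10.0.0.58 example.com
"""


def registered_domain(host: str) -> str:
    """Lower-case a hostname, drop a trailing dot and a leading 'www.' label.

    The config stores bare domains while the C2 URL and DNS queries may
    carry 'www.', so all comparisons are done on this stripped form.
    """
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_watchlist(c2_url: str, decoys: list[str]) -> dict[str, str]:
    """Map each watched domain to its role: 'c2' for the live server, 'decoy' otherwise."""
    watch = {registered_domain(d): "decoy" for d in decoys}
    watch[registered_domain(urlsplit(c2_url).hostname)] = "c2"
    return watch


def parse_dns_line(line: str) -> tuple[datetime, str, str]:
    """Split one constructed log line into (timestamp, client, normalised qname)."""
    ts, client, qname = line.split()
    return datetime.fromisoformat(ts), client, registered_domain(qname)


def hunt(log_lines: list[str], watch: dict[str, str], min_domains: int = 3,
         window: timedelta = timedelta(minutes=10)) -> dict[str, dict]:
    """Return clients that resolved the C2 host, or at least `min_domains`
    distinct watched domains within any `window`-long span (a decoy burst).

    A single decoy hit is weak evidence (the domains are real, legitimate
    sites); the C2 host or a burst of several decoys is what FormBook produces.
    """
    hits: dict[str, list[tuple[datetime, str]]] = defaultdict(list)
    for line in log_lines:
        if not line.strip():
            continue
        ts, client, domain = parse_dns_line(line)
        if domain in watch:
            hits[client].append((ts, domain))

    flagged: dict[str, dict] = {}
    for client, events in hits.items():
        events.sort()
        burst = 0
        for i, (start, _) in enumerate(events):  # sliding window over sorted events
            in_window = {d for ts, d in events[i:] if ts - start <= window}
            burst = max(burst, len(in_window))
        c2 = any(watch[d] == "c2" for _, d in events)
        if c2 or burst >= min_domains:
            flagged[client] = {
                "c2_contact": c2,
                "domains": sorted({d for _, d in events}),
                "max_burst": burst,
            }
    return flagged


if __name__ == "__main__":
    for client, info in hunt(SAMPLE_DNS_LOG.splitlines(),
                             build_watchlist(C2_URL, DECOY_DOMAINS)).items():
        print(client, info)
```

On the constructed log, 10.0.0.12 is flagged (it resolved the C2 host and four watched domains within fifteen seconds); 10.0.0.37 is not, because its two decoy lookups are hours apart and neither is the C2. Feed it real resolver or proxy logs by swapping `parse_dns_line` for your own format.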
Targets
Target: PO-829ARTS-PI 2021-7-17.xlsx
Size: 1.1MB
MD5: ba24c9c748b75fb64abc01cc6c18ed81
SHA1: a08173593973d23242ad28722cf60924f77fdcff
SHA256: 25cf0d59c10c48159f55b2ed560b6f3974f5b007b9b4bb31b9cfd5e33ca0bd09
SHA512: 2536da0aacd37188278d31205b912096d37e9c62cb9247cae0e15d7999ec02ab9697db71b72c3e188e07240064bae77d584606cf9f3c3746bdadabd59177528d
Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext