General
Target: indochine Trading.docx
Size: 10KB
Sample: 210910-pmlw6saba2
MD5: 8f7772863ed0144ca6654fbb4479322b
SHA1: 7198508deba3bea435ec999f261de6436eb5e44d
SHA256: 4ab57e7ea479a0f4a2d483f867dde66ba16eec6f63bc30dc5899e3f66f8eff7a
SHA512: de01136ce66f32fc81728b3b19710693c51f36d02580d619ea81f1b8564efb56bcef7a7a8d6fe542d9a33f8a627830ae35bc8fddffdc6b4fd2acd2a364b3b8a6
Static task: static1
Behavioral task: behavioral1 (Sample: indochine Trading.docx, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: indochine Trading.docx, Resource: win10-en)
Malware Config
Extracted: http://cml.lol/fx9g4o
Extracted: formbook 4.1, m8g0, http://www.corbvalperu.com/m8g0/
Targets
Target: indochine Trading.docx
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext