General
Target: SALAMATH EXPORTS.docx
Size: 10KB
Sample: 210914-t6dgcsbabp
MD5: 12f193f5a91b18567a1dc4c652a9b9f4
SHA1: 9c030151be689de05d2391114f437d748b13c8d8
SHA256: 32cfaa88c450f72627f502fa72b50b21c3ae2d0199eebbd9f3f750945521678a
SHA512: ab3d112138c3e5e8b303a58ed35df967acdedd4f1e6c9efb419395c6ba6f0224f6ef2f5a429ebdf5842e59df9dcbf83f79f5ad5dd345a88e56efdc1cecb78112
Static task: static1
Behavioral task: behavioral1
  Sample: SALAMATH EXPORTS.docx
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: SALAMATH EXPORTS.docx
  Resource: win10-en
Malware Config
Extracted: http://cml.lol/tj7g80
Extracted: formbook
4.1
m8g0
http://www.corbvalperu.com/m8g0/
exclusivecan.com
junzhesuji.com
acces-credit-mutuel.com
iknitvintage.com
solonmodelun.com
debekia.com
peanutskitchen.com
kamanantzin.com
personalmodeststyle.com
qo49.com
googman.site
maisonshahnaz.com
annaalexandrovich.com
californiacashcars.com
ncafashionboutique.com
nsu0.com
cloudfirstlender.com
allforchildren.net
vn80000.com
restroon.com
rpm555.com
yasminaaa.com
e-shopee.com
flasnlute.online
fact-about.com
laurielobdell.com
bokzer.com
digitalmarketex.com
gemmakamps.com
cbdely.com
originem.cat
sherifalleghenycounty.com
mymenageire.com
jtzaatbya.icu
akuluarabavar.com
thepartygod.com
rpf.xyz
adejareadebimpefoundation.com
meingutschein.gratis
bahisbeta131.com
xn--proteindnyam-klb.com
marketauto.uk
xn--mgbai9a7dqf7be.com
milk-espresso-bar.com
lincolnsquareseniorliving.com
tranvachthachcao2020.com
sreezna.com
sudaniamericancollective.com
iresistable.com
healthyhabitsdiary.com
tianenconsulting.com
glassicsrentals.com
maviba.net
wheelersmill.info
schnellptc.com
touch2give.com
dadandan-blog.com
sheltaco.com
ramonnunezm.com
franchisesquareliquidations.com
hotelesmotril.com
tuxedojunctionbook.com
thedognanniesct.com
mettelonhart.com
Targets
Target: SALAMATH EXPORTS.docx
Size: 10KB
MD5: 12f193f5a91b18567a1dc4c652a9b9f4
SHA1: 9c030151be689de05d2391114f437d748b13c8d8
SHA256: 32cfaa88c450f72627f502fa72b50b21c3ae2d0199eebbd9f3f750945521678a
SHA512: ab3d112138c3e5e8b303a58ed35df967acdedd4f1e6c9efb419395c6ba6f0224f6ef2f5a429ebdf5842e59df9dcbf83f79f5ad5dd345a88e56efdc1cecb78112
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
- suricata: ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext