General
Target: Request for Quote.doc
Size: 284KB
Sample: 211012-tmx2nacehr
MD5: 13b0f950e6053f758330793454df0d1e
SHA1: 8a8421007b2af55e8381a5625a3e5f07794ad8b0
SHA256: 7312e4d88a96b1c5cfda9a0edefd206400aff65cdb05ac599ed7adcf8bf166f9
SHA512: f10fae86cd3a901eb9b8ac2e3bcab42db10e8202c2aa78716102389645d451d7f011c4c06e4b56639455027ba9ac38a4bd684e1fd8ecfb5ee7508b29a4a438cf
Static task: static1
Behavioral task: behavioral1
  Sample: Request for Quote.doc
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: Request for Quote.doc
  Resource: win10v20210408
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: mxwf
C2: http://www.zahnimplantatangebotede.com/mxwf/
Targets
Target: Request for Quote.doc (284KB; hashes as listed under General above)
Signatures
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext