General
- Target: INVOICE44.xlsx
- Size: 403KB
- Sample: 211015-hjpekaafc4
- MD5: 84abe73a24c3c85c72f96a7f74246ed4
- SHA1: bc2484c7dd276281462b1b8ce40e957b6192bd9b
- SHA256: b0bb44364e6069575ed370a6b2bef2953828d3391d16287d66efa3fdf03a3387
- SHA512: f41bd58e222ed91966e081d54c94035b085bbe5bc334d1a077c57ecbb71b3ffd6773bea0f405aa70ca3e512530ade10b5696a49a900c1800f75d23c13413bdf9
Static task: static1
Behavioral task: behavioral1
- Sample: INVOICE44.xlsx
- Resource: win7-en-20211014
Behavioral task: behavioral2
- Sample: INVOICE44.xlsx
- Resource: win10-en-20211014
Malware Config
Extracted
formbook
4.1
hs3h
http://www.alefisrael.com/hs3h/
Targets
- Formbook Payload
- Looks for VirtualBox Guest Additions in registry
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext