General
- Target: WPS- 3668-2021.xlsx
- Size: 2.1MB
- Sample: 211015-k17nksbeak
- MD5: caa7649ae24eafae30470a408b885c49
- SHA1: d73e639c9e2d8bc4bef809d2aea88e820be04b94
- SHA256: 281d5d2e057a2ecca94356372c1aa859fbbcd42db008ba2be42b85586f1b39b6
- SHA512: 89ca7dbc3cd1d384073e118858ec501059d0fd4c65df2616f5bce64507dd0401ffd15dfa6103ab19d60286982965d7481ab1a778d9c8f9796840dd4fba69df95

Static task: static1

Behavioral task: behavioral1
- Sample: WPS- 3668-2021.xlsx
- Resource: win7-en-20210920

Behavioral task: behavioral2
- Sample: WPS- 3668-2021.xlsx
- Resource: win10-en-20210920
Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign: nk6l
- C2 URL: http://www.rthearts.com/nk6l/
Targets
- Target: WPS- 3668-2021.xlsx (size and hashes as listed under General above)
- suricata: ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext