General
-
Target
invoice.doc
-
Size
44KB
-
Sample
211019-j5626sfde7
-
MD5
f9a9e02d320ae1d2d6c2990a86c01775
-
SHA1
e57f3da7a482857d8815472b60ee488f165a1647
-
SHA256
e3a47b89d96d1648c524e522239827897194653cb32d8b547a0cc301cf254cb2
-
SHA512
97d1a3ffa4152496f95aedf91e05fbd324519a6e8943353e3b6a701110dfc66f86bb38a4fa9b66af888d5363a058faa4cd97017c3aba8b9d6de7e4399914ea8f
Static task
static1
Behavioral task
behavioral1
Sample
invoice.doc
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
invoice.doc
Resource
win10-en-20211014
Malware Config
Extracted
formbook
4.1
mxwf
http://www.zahnimplantatangebotede.com/mxwf/
Targets
-
-
Target
invoice.doc
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-