General
-
Target
C.V_Job Request.doc
-
Size
434KB
-
Sample
211027-rwallsfba7
-
MD5
b5be29921304476377e096c60a3fb418
-
SHA1
653d40c3e86feb11b1cc6b7745257754c296c109
-
SHA256
fd4e52557f511c596e0d0ff58a1a7775a1295889461b73856d4aa733108e7b58
-
SHA512
987cb27f1b49978d5dae764d61f4a0af9dff31d073e1d2a28c4d2ac2ee1a9772ef5d337878ca1e7fb18aa8d1f67affcd586336b066afff52ad46ce250de4ff97
Static task
static1
Behavioral task
behavioral1
Sample
C.V_Job Request.doc
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
C.V_Job Request.doc
Resource
win10-en-20210920
Malware Config
Extracted
formbook
4.1
s18y
http://www.agentpathleurre.space/s18y/
Targets
-
-
Target
C.V_Job Request.doc
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-