General
-
Target
AWB 520326756202 INV. SHIPPING DOCS.xlsx
-
Size
464KB
-
Sample
211028-ltzj3acad3
-
MD5
f602fc5c03a11c23fcd0bedc5befee5d
-
SHA1
45aa4a9fcec5b9e2a3b6791d7d2d2b3e59581e14
-
SHA256
e505d7dc6ed7b8b3a043a6e6800532927212d35926722b19c8ee4cefd0513b41
-
SHA512
740510f14ed1dbd5979af938536403054f6f225b9a97bb6973ffa25be028ee01e7cdf726b2a8bebef1707fb4801903a1220f38f1e43dd68b4c5934e41d6a212f
Static task
static1
Behavioral task
behavioral1
Sample
AWB 520326756202 INV. SHIPPING DOCS.xlsx
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
AWB 520326756202 INV. SHIPPING DOCS.xlsx
Resource
win10-en-20210920
Malware Config
Extracted
formbook
4.1
kzk9
http://www.yourmajordomo.com/kzk9/
tianconghuo.club
1996-page.com
ourtownmax.net
conservativetreehose.com
synth.repair
donnachicacreperia.com
tentfull.com
weapp.download
surfersink.com
gattlebusinessservices.com
sebastian249.com
anhphuc.company
betternatureproducts.net
defroplate.com
seattlesquidsquad.com
polarjob.com
lendingadvantage.com
angelsondope.com
goportjitney.com
tiendagrupojagr.com
self-care360.com
foreignexchage.com
loan-stalemate.info
hrsimrnsingh.com
laserobsession.com
primetimesmagazine.com
teminyulon.xyz
kanoondarab.com
alpinefall.com
tbmautosales.com
4g2020.com
libertyquartermaster.com
flavorfalafel.com
generlitravel.com
solvedfp.icu
jamnvibez.com
zmx258.com
doudiangroup.com
dancecenterwest.com
ryantheeconomist.com
beeofthehive.com
bluelearn.world
vivalasplantas.com
yumiacraftlab.com
shophere247365.com
enjoybespokenwords.com
windajol.com
ctgbazar.xyz
afcerd.com
dateprotect.com
northeastonmusic.com
fourwaira.com
forschungsraumtheater.com
islameraloke.com
mavericksone.com
whguideinfrared.com
akomandr.com
experts-portail.com
ambassadorworldnews.com
case-kangaroo.com
theglobalbusinessmentor.com
igforoldpeople.com
royalglossesbss.com
merxeduct.com
Targets
-
-
Target
AWB 520326756202 INV. SHIPPING DOCS.xlsx
-
Size
464KB
-
MD5
f602fc5c03a11c23fcd0bedc5befee5d
-
SHA1
45aa4a9fcec5b9e2a3b6791d7d2d2b3e59581e14
-
SHA256
e505d7dc6ed7b8b3a043a6e6800532927212d35926722b19c8ee4cefd0513b41
-
SHA512
740510f14ed1dbd5979af938536403054f6f225b9a97bb6973ffa25be028ee01e7cdf726b2a8bebef1707fb4801903a1220f38f1e43dd68b4c5934e41d6a212f
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-