General
-
Target
HSBC Payment Advice Ref 62587299-22.doc
-
Size
270KB
-
Sample
211110-xzjatafcaj
-
MD5
bbcbecd2b756d90b3f3a04c0c68e0b52
-
SHA1
62d74956cc501daf24762424c175ab7b124be2a7
-
SHA256
d3f0942d64ef61c0af53023853b0cbd2e9ade287773e801e3fd82738f090db9b
-
SHA512
994c14e2d53157d6885b587de9b6dd76d207bd3b7bc8246a2309222ea4eabea42d5d7c90235f624bbb60d4f99abbd3d8f4fa41e0d7f4a2fb653d6ca2de10d54b
Static task
static1
Behavioral task
behavioral1
Sample
HSBC Payment Advice Ref 62587299-22.doc
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
HSBC Payment Advice Ref 62587299-22.doc
Resource
win10-en-20211014
Malware Config
Extracted
formbook
4.1
s18y
http://www.agentpathleurre.space/s18y/
Targets
-
-
Target
HSBC Payment Advice Ref 62587299-22.doc
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-