General
Target: ORDER 19202111.doc
Size: 17KB
Sample: 211119-hftj4shdek
MD5: e4ce95f03ab27b0d13b9072d1b0c2137
SHA1: 8d69aba029dd8cd5d81e1b66c2924fc52faf0880
SHA256: 8211e35c2df7cabc2715727576f75621a9640fe9f379564558a1c4298495f62e
SHA512: d9f57c3b63fa41d4e805b87ec38844a1f7d20c51f2e3bdefd119d19f34b8f7b0e7b7a94d32d039b0d88414c9329151c748878d67e1adedd91383d62c102d8470
Static task: static1
Behavioral task: behavioral1
  Sample: ORDER 19202111.doc
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: ORDER 19202111.doc
  Resource: win10-en-20211104
Malware Config
Extracted: formbook
Version: 4.1
Campaign ID: ob7y
C2: http://www.metanewsroom.net/ob7y/
Domains from extracted config:
ipsdjf.com
mlphntec.com
restaurant-day.store
writeramylong.com
flokigamefi.com
usetianyi.xyz
punishstrikebreaker.quest
ericnfleming.com
dhhwtieen.xyz
milfhackers.com
fewefie.store
pithstsdiet.store
kirsten-hemmerich.com
casinolopoca.com
sigag.xyz
geilepoes.com
metawhatsapp.art
sarjin.xyz
toprabatte.net
lotofbrave.club
ladydunyasi.com
oeooaoio.xyz
ifarh.com
geovaluablehack.com
heatherwoodrealestate.com
788027.com
groweth2gloweth.com
corryandbee.com
chatech.community
defholdingsus.com
gymandsports213.sbs
safaknet.com
rnisk.store
yhsps.com
taxlawyeral.com
liberiathelandofreturn.net
beniclothingstore.com
onecashadvance.com
metawhatsapp.delivery
chseovx.xyz
fiftyix.com
ambassadorbed.com
doktorhelp.com
memoryck.com
ceto21.com
zomerubo.rest
tyoutrannyvidep.com
3cbzfhhx5.com
cryleo.com
thebigass.online
ofd-trade-sender.com
elchinazizov.com
shakilimam.com
soporhojecast.com
reyestacosrestaurant.com
supdeszka.com
kredit-option.com
sharonallenart.com
destockage-international.com
immediate-edge-pl.xyz
jmsjszc.com
mojuwangluo.com
tr4ders.com
zilingodigitize.com
Targets
Target: ORDER 19202111.doc
Size: 17KB
MD5: e4ce95f03ab27b0d13b9072d1b0c2137
SHA1: 8d69aba029dd8cd5d81e1b66c2924fc52faf0880
SHA256: 8211e35c2df7cabc2715727576f75621a9640fe9f379564558a1c4298495f62e
SHA512: d9f57c3b63fa41d4e805b87ec38844a1f7d20c51f2e3bdefd119d19f34b8f7b0e7b7a94d32d039b0d88414c9329151c748878d67e1adedd91383d62c102d8470
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext