General
- Target: PO 212RC048.doc
- Size: 3KB
- Sample: 211210-mjtrhahecj
- MD5: b7637e47ba59800d5286f30c15ab1a8a
- SHA1: b593004f32c805fff51af01d46a2845f7870f8a3
- SHA256: dd131b523e19862053b938fcd6468db4a3a6e42259c1fd01d854bd87225a2019
- SHA512: d9a7b8133023bf4288cdaae62e9e5b31363430b7c8e779b6e08e10db2f03db867e85c1b683072085bd9bffe9addc23be4800e74220e9cc09712fd0f92b688e44
Static task: static1
Behavioral task: behavioral1 (Sample: PO 212RC048.doc; Resource: win7-en-20211208)
Behavioral task: behavioral2 (Sample: PO 212RC048.doc; Resource: win10-en-20211208)
Malware Config
- Extracted family: formbook
- Version: 4.1
- Campaign: h4d0
- C2: http://www.voxelsoxx.xyz/h4d0/
Targets
- Target: PO 212RC048.doc (3KB; hashes listed under General)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
- suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext