General
-
Target
Payment advice.xlsx
-
Size
317KB
-
Sample
211216-jx94vsbdg5
-
MD5
64a7ebd803d51adfbdf6ac59f80c480d
-
SHA1
5cc23d9eb83bcfc85478869c2582a49704e31025
-
SHA256
065082cb9c1f153dd36a418b551c33187148b5f56e28dc14f9208e81c40739c4
-
SHA512
d67f81c93c77489bd04edd781e1625abd8991b1cac9962e592a6c077febb270a85db64f2eaafa9d51f00b1f02391ae4c883bbb35e564d47a44b4f1cc132eb8d0
Static task
static1
Behavioral task
behavioral1
Sample
Payment advice.xlsx
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
Payment advice.xlsx
Resource
win10-en-20211208
Malware Config
Extracted
formbook
4.1
og2w
drivenexpress.info
pdfproxy.com
zyz999.top
oceanserver1.com
948289.com
nubilewoman.com
ibizadiamonds.com
bosniantv-australia.com
juliehutzell.com
poshesocial.events
icsrwk.xyz
nap-con.com
womansslippers.com
invictusfarm.com
search-panel-avg-rock.rest
desencriptar.com
imperialexoticreptiles.com
agastify.com
strinvstr.com
julianapeloi.com
myproperty99.com
mahardikasantoso.com
pathway-strategies.com
runbusinessonline.com
facenbook.xyz
texasschnauzer.com
whoyummy.top
hiscomsvc.com
644557.com
shouyeshow.com
emtek.site
inspireabossglobal.us
sellmyhouse365.net
ambergrids.xyz
shoptrendyshop.com
b7eb8.com
crystalsbyzoe.com
awfullive.site
rebelgreens.com
depressiqwidv.xyz
mvp69bet.com
selectedandprotected.com
china-jiahe.com
brandonknicely.com
redrodventuresllc.com
tomafer.net
makemeorgasm.net
wihomeoffers.com
bamko.link
secure-01.net
fridayhabit.com
mudeevehkuwpitcicet.site
inversioneskomp.com
oojry.xyz
jibony.com
cellphoneplansiusaweb.com
lianemuhill.com
caroeventos.com
thucphamsachkhaihuy.com
musicjem.com
hbbtv.xyz
meltemilebaskalasim.com
xn--38j0b6c.com
checkupfromtheneckup.net
celikkaya.xyz
Targets
-
-
Target
Payment advice.xlsx
-
Size
317KB
-
MD5
64a7ebd803d51adfbdf6ac59f80c480d
-
SHA1
5cc23d9eb83bcfc85478869c2582a49704e31025
-
SHA256
065082cb9c1f153dd36a418b551c33187148b5f56e28dc14f9208e81c40739c4
-
SHA512
d67f81c93c77489bd04edd781e1625abd8991b1cac9962e592a6c077febb270a85db64f2eaafa9d51f00b1f02391ae4c883bbb35e564d47a44b4f1cc132eb8d0
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-