General
Target: GMC_24012022.doc
Size: 2.2MB
Sample: 220125-k6rjjsche5
MD5: c6a05784a4d3f27b85ad311e8dd64607
SHA1: 7bd8a297f3a95fa6e6b756094785d90d11f26099
SHA256: d9867bff3beee631dde942e6425b7ef4edce67b251453d360e71ec655b929bc9
SHA512: 49539dfd171214c3d48f2447d6e138724b8de40e215365430208207fb6f524d8eac32386a1eb48d49f686a85c9a6bd0f374f75e815f0f0ed41eaa42f3de02f4d
Static task: static1
Behavioral task: behavioral1
  Sample: GMC_24012022.rtf
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: GMC_24012022.rtf
  Resource: win10-en-20211208
Malware Config
Extracted family: formbook
Version: 4.1
Campaign: dt23
C2 domains:
(domain list omitted)
Targets
Signatures:
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext