General
Target: Purchase Order.doc
Size: 432KB
Sample: 220125-yatkxsdefk
MD5: 8476c8f3efac1a6006ada1f0e18524b7
SHA1: f28ba53905e5d3324da5926924b6049d9183d301
SHA256: b12b3b6f87f35d7b2cdb52ec2558f2087155bc5f580b6a9083b05a73263a901f
SHA512: 97e61671142e064242ab3096c17b02ed450b9359a4e854c9df5e47cd96d9133597a6a33b3bcb85bc07a1b2ed73a92c63ccd624c737d839d85d2206aeb8a27820
Static task: static1
Behavioral task: behavioral1
  Sample: Purchase Order.rtf
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: Purchase Order.rtf
  Resource: win10-en-20211208
Malware Config
Extracted: formbook 4.1 (fezu)
Targets
Target: Purchase Order.doc
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext