General
-
Target
RFQ2201002 PFK.xlsx
-
Size
1.4MB
-
Sample
220126-pnbsladbd3
-
MD5
073a56cf012776f595d4a6b3fe8db7d9
-
SHA1
af45c60581e83fa5397a555941881ff1348eaae8
-
SHA256
7a5a6d15651f1da626bdf3859936a578e326fe9bae889a5424fae4ec553924ec
-
SHA512
fbbcb7feeec63c0296e7c90c6a681c19a09c3a4b650a7982970a023946997bda4fd406ffb1c063a33786ac705c4c1c1f5da11b50dfe2a08f8422c63ef4d0c572
Static task
static1
Behavioral task
behavioral1
Sample
RFQ2201002 PFK.xlsx
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
RFQ2201002 PFK.xlsx
Resource
win10-en-20211208
Malware Config
Extracted
formbook
4.1
h4d0
onlinefinejewelry.com
samstringermusic.com
beam-lettings.info
optimumcoin.xyz
fasa.xyz
creativedime.com
eihncuz.online
griffin2008.top
europcarlive.com
jxhcar.com
museumsshop.international
bonolaboral-lnterbank.com
kelebandis.xyz
hiddenlakeranch.net
carelessyouth.com
jfkilfoil.store
potok-it-ua.site
magdulemediation.com
shakadal.xyz
coastconstructionfl.com
wilsonbrosvanlines.com
collagenroaster.com
thegetawayspace.com
grittybeetsproduction.com
ieemyanmar.com
gyozaviajera.com
familie-leben.info
finnbd.com
nomasrevolving.com
gtstudios.art
sergesur.com
hnljgame.com
lakemould.com
kandanmart.com
devinbutler.com
everythingisdetermined.com
justift96.com
crose.info
pb6111.com
thecollarcollective.com
jrc8899.com
studiocrypto.xyz
sadrarobotics.com
carpimuebles.com
chinaqcgg.com
ninjixiang.net
thewildexplorerabin.com
realestatenebraskanews.com
metaversenitro.com
com171ksw.xyz
fammilee.com
farmstoragesolution.com
some-things.net
kedaiwangi.one
aztrac.net
webzyn.xyz
cell-mex.com
argusprojects.com
jcaemporium.com
xfgyun.store
xdhgrl.com
creating-club.com
masterproperty34.com
joyemotion.com
voxelsoxx.xyz
Targets
-
-
Target
RFQ2201002 PFK.xlsx
-
Size
1.4MB
-
MD5
073a56cf012776f595d4a6b3fe8db7d9
-
SHA1
af45c60581e83fa5397a555941881ff1348eaae8
-
SHA256
7a5a6d15651f1da626bdf3859936a578e326fe9bae889a5424fae4ec553924ec
-
SHA512
fbbcb7feeec63c0296e7c90c6a681c19a09c3a4b650a7982970a023946997bda4fd406ffb1c063a33786ac705c4c1c1f5da11b50dfe2a08f8422c63ef4d0c572
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-