General
-
Target
new PO.doc
-
Size
11KB
-
Sample
220127-qacneadeb4
-
MD5
e3d32174d143f46aaf7b43e6862486a6
-
SHA1
d935eb9f53e0abface9c121fbd7e49a25937711b
-
SHA256
ed0af10c135f953a2099dee2aad9ef39fbd2c4b942a0bbeaea1e1bfe341a0d7c
-
SHA512
5e57067080c9280b034af90f9d42085103a407d5c9487b2c5b720a105d01b9f7033d9a5ac7d1246adcca2c049cefd3b6599b4a0c41c0451da01e7244983c6091
Static task
static1
Behavioral task
behavioral1
Sample
new PO.rtf
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
new PO.rtf
Resource
win10-en-20211208
Malware Config
Extracted
formbook
4.1
fezu
palisadeshiking.com
lusteror.com
blogmisaficiones.com
firstprinciplesteam.com
theindoorfarmer.info
sddn55.xyz
womensclothingonlineshop.com
amourneim.com
getlumichargeserver.com
mynegociodev.com
xn--riq159j.com
the-social-hub.com
buypremiumvpn.xyz
brightnes.info
catmanshopper.com
michellepalacdesigns.com
moveventurecapital.com
nzhzygba.com
papahungry.com
electric-classic-bike.com
kathryte.online
problemasconelperro.com
harpo-solutions.com
get300cvamoscampagins.net
estabuloburgers.com
nextgenanalyst.info
e-globalschool.com
jayashkesri.com
goldenbearlumber.com
mkhygien.com
auctionwisdom.com
excelsiornotaryfl.com
bundesfinanzeministerium-de.com
financialservicesforyou.com
pyjama-france.com
atlascustomcreations.com
ban-clicks.com
springmassagealexandria.com
assessoriatrie.com
vnethotspot.online
anabrening.com
bestofpompanobeach.net
hewhorunswithscissors.com
18130072012.com
swishoral.com
hussjekk.online
bcw.today
serenderserenity.com
waculba.com
yz1866.com
xn--v69az2lp0m6hebte8i.com
rolfeichelmann.com
unwaiting.com
itechmoniter.com
orlandoapartmentguide.com
lesakdhj5.com
xn--jkrx19do7i5xoz3d.asia
charcutrements.com
stoneridge.properties
bestshapeketo.com
njdlxdc.com
renotechllc.net
wasjesusmarried.net
karandrin.com
ferasan.com
Targets
-
-
Target
new PO.doc
-
Size
11KB
-
MD5
e3d32174d143f46aaf7b43e6862486a6
-
SHA1
d935eb9f53e0abface9c121fbd7e49a25937711b
-
SHA256
ed0af10c135f953a2099dee2aad9ef39fbd2c4b942a0bbeaea1e1bfe341a0d7c
-
SHA512
5e57067080c9280b034af90f9d42085103a407d5c9487b2c5b720a105d01b9f7033d9a5ac7d1246adcca2c049cefd3b6599b4a0c41c0451da01e7244983c6091
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-