General
-
Target
Alligator Pty Ltd Quote.doc
-
Size
11KB
-
Sample
220127-qaz4psdagn
-
MD5
5ca2cd21f345b9af1dcb83321284c60f
-
SHA1
858e1756867ad4c771ea5065fc5b42de2e1f0a7c
-
SHA256
d76844ff49e147c7c93bafadbafe15eced2ab1ab22ffe4a0fd93434bba4351f8
-
SHA512
6be94ca0705eaa78c437819b0a66d2f87c34ceab51ab4b73e632b5c5961eb54157bd746b3012e640a3880346a539a71f7f3bf0b022c612486ee1f18768780634
Static task
static1
Behavioral task
behavioral1
Sample
Alligator Pty Ltd Quote.rtf
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
Alligator Pty Ltd Quote.rtf
Resource
win10-en-20211208
Malware Config
Extracted
formbook
4.1
cw22
betvoy206.com
nftstoners.com
tirupatibuilder.com
gulldesigns.com
shemhq.com
boricosmetic.com
bitcoinbillionaireboy.com
theflypaperplanes.com
retrocartours.com
yangzhie326.com
cheepchain.com
sentryr.com
luckirentalhomes.com
pointssquashers.com
dianasarabiantreasures.com
calendarsilo.com
sublike21.xyz
gajubg0up.xyz
lousfoodreviews.com
fades.site
276a.xyz
chopkingstamp.com
parcelfrance.com
lcntrust.com
aeeg-austria.com
trogen24.net
widepeepohappy.xyz
hogekortingen.com
trump-is-right.net
legacyfarmsgeorgia.com
dingbuzhule.com
teckelgruppe-raben.com
qianshuhua.com
onsdia.xyz
sectorquant.com
automatenstudent.com
bathkithcenandtile.com
lasvegasphonerepairs.com
riselsat.com
myvafterdark.com
whispersystems.net
technicolorday.com
renetextile.xyz
cchcolo.com
professorjoshi.com
capybarashop.com
alfredoreyessci.com
w124blog.com
vdsdev77.com
helloentepriseg1.com
denlab.net
triviamillionairewin.com
jelofly.com
09m370uz.xyz
reple-top2.com
riosgames.xyz
teaberryadvisors.com
satgerv.online
galenika.net
landspeedlogistics.com
familiesgivinghope.com
moisuhop-channel.xyz
chambres-d-hotes-marrakech.com
realizefinanceirorennerr.com
playthemove.info
Targets
-
-
Target
Alligator Pty Ltd Quote.doc
-
Size
11KB
-
MD5
5ca2cd21f345b9af1dcb83321284c60f
-
SHA1
858e1756867ad4c771ea5065fc5b42de2e1f0a7c
-
SHA256
d76844ff49e147c7c93bafadbafe15eced2ab1ab22ffe4a0fd93434bba4351f8
-
SHA512
6be94ca0705eaa78c437819b0a66d2f87c34ceab51ab4b73e632b5c5961eb54157bd746b3012e640a3880346a539a71f7f3bf0b022c612486ee1f18768780634
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-