General
-
Target
new PO.doc
-
Size
11KB
-
Sample
220127-wlb4xahda2
-
MD5
7a61e1f2990ed01daba36a19255a7967
-
SHA1
f35678a6116f884a65f8ff77e4c0e4efdd65f792
-
SHA256
916b82ec72b04beca20629129e3401d2f06a76026d12cd3c41fc28b927fbdf83
-
SHA512
e0ab039f84b7ace5c8a9a9d3ede87a65a19ae7d624529af27f2ea94c3e21a7b658efee226f995ac81863135d3b6542f272aa9e5e89c4042ca1d0e4d569222639
Static task
static1
Behavioral task
behavioral1
Sample
new PO.rtf
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
new PO.rtf
Resource
win10-en-20211208
Malware Config
Extracted
formbook
4.1
a83r
comercializadoralonso.com
durhamschoolservces.com
onegreencapital.com
smartcities24.com
maquinas.store
brianlovesbonsai.com
xin41518s.com
moneyearnus.xyz
be-mix.com
fengyat.club
inspectdecided.xyz
paksafpakistan.com
orhidlnt.top
princesuraj.com
vietnamvodka.com
renewnow.site
imageservices.xyz
luxurytravelfranchise.com
kp112.red
royalyorkfirewood.com
azharrizvi.com
mtvamazon.com
stlouisplatinumhomes.com
ke6rkmtn.xyz
roomviser.xyz
rollcalloutfitters.com
jlautoparts.net
swipyy.xyz
handymansaltlakecity.com
tuespr.com
prelink.xyz
whrpky037.xyz
yoga-4-health.com
silvermoonandcompany.com
meg-roh.com
81218121.com
prayerteamusa.com
ocejxu.com
lopeyhomeimporvementservice.com
dcosearchandconnect.xyz
md-newspages.online
elinmex.online
traineriq.com
feministecologies.com
gyltogether.com
polyversed.com
rodolforios.com
bcfs0l.com
51dmm.com
metaverselivecasinos.com
csjsgk.com
impactincentivesregistry.com
firekim.space
jdzn.xyz
d6ybf7yj.xyz
sturt.xyz
serious-cam.com
stihl-gms.com
gentleman5.xyz
rustbeltcoders.net
hmarketsed96.com
cricfreelive.com
wellyounow.com
fwdrow.com
hstolchsjybyl.com
Targets
-
-
Target
new PO.doc
-
Size
11KB
-
MD5
7a61e1f2990ed01daba36a19255a7967
-
SHA1
f35678a6116f884a65f8ff77e4c0e4efdd65f792
-
SHA256
916b82ec72b04beca20629129e3401d2f06a76026d12cd3c41fc28b927fbdf83
-
SHA512
e0ab039f84b7ace5c8a9a9d3ede87a65a19ae7d624529af27f2ea94c3e21a7b658efee226f995ac81863135d3b6542f272aa9e5e89c4042ca1d0e4d569222639
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-