General
-
Target
new order .doc
-
Size
541KB
-
Sample
220127-wqdhjahde2
-
MD5
9563bab56977f2394eb4540bf474ec4a
-
SHA1
c510463933454eb302e2188b300ee92fbed10abb
-
SHA256
a49a3cf3e72aacc6fa302d0b613acb1b611fd8148618a334b5bd6c47b5bac4d5
-
SHA512
fc4fa201724001b0413d78fca57aeb455f0054f22d74738529e86b15deaca800d605365c41d96664cd75671728dba419de255ca1ac98284061da5ade0f0a6d14
Static task
static1
Behavioral task
behavioral1
Sample
new order .rtf
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
new order .rtf
Resource
win10-en-20211208
Malware Config
Extracted
formbook
4.1
a83r
comercializadoralonso.com
durhamschoolservces.com
onegreencapital.com
smartcities24.com
maquinas.store
brianlovesbonsai.com
xin41518s.com
moneyearnus.xyz
be-mix.com
fengyat.club
inspectdecided.xyz
paksafpakistan.com
orhidlnt.top
princesuraj.com
vietnamvodka.com
renewnow.site
imageservices.xyz
luxurytravelfranchise.com
kp112.red
royalyorkfirewood.com
azharrizvi.com
mtvamazon.com
stlouisplatinumhomes.com
ke6rkmtn.xyz
roomviser.xyz
rollcalloutfitters.com
jlautoparts.net
swipyy.xyz
handymansaltlakecity.com
tuespr.com
prelink.xyz
whrpky037.xyz
yoga-4-health.com
silvermoonandcompany.com
meg-roh.com
81218121.com
prayerteamusa.com
ocejxu.com
lopeyhomeimporvementservice.com
dcosearchandconnect.xyz
md-newspages.online
elinmex.online
traineriq.com
feministecologies.com
gyltogether.com
polyversed.com
rodolforios.com
bcfs0l.com
51dmm.com
metaverselivecasinos.com
csjsgk.com
impactincentivesregistry.com
firekim.space
jdzn.xyz
d6ybf7yj.xyz
sturt.xyz
serious-cam.com
stihl-gms.com
gentleman5.xyz
rustbeltcoders.net
hmarketsed96.com
cricfreelive.com
wellyounow.com
fwdrow.com
hstolchsjybyl.com
Targets
-
-
Target
new order .doc
-
Size
541KB
-
MD5
9563bab56977f2394eb4540bf474ec4a
-
SHA1
c510463933454eb302e2188b300ee92fbed10abb
-
SHA256
a49a3cf3e72aacc6fa302d0b613acb1b611fd8148618a334b5bd6c47b5bac4d5
-
SHA512
fc4fa201724001b0413d78fca57aeb455f0054f22d74738529e86b15deaca800d605365c41d96664cd75671728dba419de255ca1ac98284061da5ade0f0a6d14
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-