General
Target: 5876985.doc
Size: 10KB
Sample: 220131-r1eq5aaaa9
MD5: b69f10b44dfc89ed9f3c4cce4329e470
SHA1: 0ddf069cd3b18aeb88cf246d4bd18be2af6e68f4
SHA256: 22c6cb28e8da3b71d9c3d14f2c1fb8f2b5905fd83a2b8b0b5e5089d336e93ba2
SHA512: 2601913dd64bb194334aabe4286029b2db588b45732c206cadbf5933e9a04be58db89f863167a46abaee59639ff720b35803b1b01a64e78b266bc9f0755eb719
Static task: static1
Behavioral task: behavioral1
Sample: 5876985.rtf
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 5876985.rtf
Resource: win10v2004-en-20220112
Malware Config
Extracted
formbook
4.1
bt33
Targets
Target: 5876985.doc
Formbook Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Sets service image path in registry
Loads dropped DLL
Suspicious use of SetThreadContext