General

Target: RFQ- PO 31005.doc
Size: 4KB
Sample: 220530-s5lwnseear
MD5: 3917a40caa205181ac6e73239ad3a8ee
SHA1: bbb50ef471084e5e3c7fdb41f1c7cb078c1d9a33
SHA256: f8d38396ca27592174d246b82f3fdfb2a1b0cecc296d67d236cf0502d6bf1ce8
SHA512: 6743d699dd0bd8dc8001f3912c2b87d7dada1f6a7bcd3b345b54bb97cd0ac4e90ccf9512e720f48b7cfad26ad8ebaf44313077c418b528c3ce18e0d000eed456
Static task
static1

Behavioral task
behavioral1
Sample: RFQ- PO 31005.rtf
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: RFQ- PO 31005.rtf
Resource: win10v2004-20220414-en

Both behavioral tasks detonate the 4KB .doc target as an RTF document (RFQ- PO 31005.rtf): the file carries a .doc extension but is RTF content, a common lure construction for RFQ/PO-themed maldocs.
Malware Config

Extracted: formbook
Version: 4.1
Campaign: nk6l
C2 domains (Formbook configs embed one live C2 alongside decoy domains; the report does not indicate which entry is live, so treat any hit on the list as worth investigating rather than as confirmed C2 contact):
cbnextra.com
entitysystemsinc.com
55midwoodave.com
ebelizzi.com
khojcity.com
1527brokenoakdrive.site
housinghproperties.com
ratiousa.com
lrcrepresentacoes.net
tocoec.net
khadamatdemnate.com
davidkastner.xyz
gardeniaresort.com
qiantangguoji.com
visaprepaidprocessinq.com
cristinamadara.com
semapisus.xyz
mpwebagency.net
alibabasdeli.com
gigasupplies.com
quantumskillset.com
eajui136.xyz
patsanchezelpaso.com
trined.mobi
amaturz.info
approveprvqsx.xyz
fronterapost.house
clairewashere.site
xn--3jst70hg8f.com
thursdaynightthriller.com
primacykapjlt.xyz
vaginette.site
olitusd.com
paypal-caseid521.com
preose.xyz
ferbsqlv28.club
iffiliatefreedom.com
okdahotel.com
cochuzyan.xyz
hotyachts.net
diamond-beauties.com
storyofsol.com
xianshucai.net
venusmedicalarts.com
energiaorgonu.com
savannah.biz
poeticdaily.com
wilddalmatian.com
kdydkyqksqucyuyen.com
meanmod.xyz
kaka.digital
viewcision.com
wowzerbackupandrestore-us.com
hydrogendatapower.com
427521.com
ponto-bras.space
chevalsk.com
hnftdl.com
nanasyhogar.com
createacarepack.com
wildkraeuter-wochenende.com
uchihomedeco.com
quintongiang.com
mnbvending.com
rthearts.com
Targets

Target: RFQ- PO 31005.doc
Size: 4KB
Hashes: as listed under General above
suricata: ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
suricata: ET MALWARE FormBook CnC Checkin (GET)

Formbook Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext (thread-context manipulation of the kind used for process hollowing and code injection)
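The indicators above (file hashes, the campaign ID and the C2 domain list) together with the two Suricata alerts are what a responder would sweep for across proxy logs, DNS logs and endpoint file inventories. The script below is an added example, not part of the sandbox report: it loads a subset of the report's domains (extend the set with the remaining entries from the Malware Config section), matches hosts and their subdomains against that set, flags .exe fetches from WordPress directories as a rough approximation of what the first Suricata rule name describes (not the rule's actual content match), and checks a file inventory for the sample's hashes. The proxy-log lines and the inventory are constructed for the demonstration.

```python
"""Sweep a proxy log and a file inventory for this report's indicators.

Added example, not part of the sandbox report. Hashes, campaign ID and
domains are copied from the report; the log lines and the inventory
below are constructed.
"""
import re
from typing import Iterable, Optional

# Indicators copied from the report. The domain set is a subset of the
# Malware Config list; paste in the remaining entries from the report.
SAMPLE_HASHES = frozenset({
    "3917a40caa205181ac6e73239ad3a8ee",                                    # MD5
    "bbb50ef471084e5e3c7fdb41f1c7cb078c1d9a33",                            # SHA1
    "f8d38396ca27592174d246b82f3fdfb2a1b0cecc296d67d236cf0502d6bf1ce8",    # SHA256
})
CAMPAIGN_ID = "nk6l"
C2_DOMAINS = frozenset({
    "cbnextra.com", "entitysystemsinc.com", "55midwoodave.com",
    "khojcity.com", "1527brokenoakdrive.site", "paypal-caseid521.com",
    "xn--3jst70hg8f.com", "approveprvqsx.xyz", "kaka.digital",
})

# Approximation of the behaviour the Suricata rule name describes: an
# .exe requested from a WordPress directory. Not the rule's own match.
WP_EXE = re.compile(r"/wp-(?:content|includes|admin)/.*\.exe(?:$|[?#])", re.I)

# Constructed proxy-log format: "<ts> <client> <method> <host> <path>".
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


def domain_hit(host: str) -> Optional[str]:
    """Return the listed domain that `host` equals or is a subdomain of."""
    host = host.lower().rstrip(".")
    if ":" in host:                       # drop a port suffix such as :443
        host = host.split(":", 1)[0]
    labels = host.split(".")
    # Walk from the full host down to the registrable two-label domain so
    # that "www.cbnextra.com" matches but "notcbnextra.com" does not.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in C2_DOMAINS:
            return candidate
    return None


def scan_proxy_log(lines: Iterable[str]) -> list:
    """Return (reason, line) pairs for log lines matching an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                      # skip lines not in the expected shape
        _ts, _client, _method, host, path = m.groups()
        dom = domain_hit(host)
        if dom:
            hits.append((f"formbook-domain:{dom}", line))
        if WP_EXE.search(path):
            hits.append(("exe-from-wordpress-dir", line))
    return hits


def scan_hashes(inventory: dict) -> list:
    """Return inventory paths whose recorded hash is one of the sample's."""
    return [path for path, digest in inventory.items()
            if digest.lower() in SAMPLE_HASHES]


# Constructed sample data (not taken from the report).
PROXY_LOG = [
    "2022-05-30T10:01:02Z 10.0.0.21 GET www.cbnextra.com /",
    "2022-05-30T10:01:05Z 10.0.0.21 GET cdn.example.org /site/wp-content/uploads/update.exe",
    "2022-05-30T10:01:09Z 10.0.0.33 GET notcbnextra.com /index.html",
    "2022-05-30T10:01:12Z 10.0.0.33 GET KAKA.DIGITAL:443 /",
    "2022-05-30T10:01:15Z 10.0.0.40 GET intranet.example.org /wp-content/themes/style.css",
]
INVENTORY = {
    r"C:\Users\alice\Downloads\RFQ- PO 31005.doc":
        "F8D38396CA27592174D246B82F3FDFB2A1B0CECC296D67D236CF0502D6BF1CE8",
    r"C:\Users\alice\Downloads\quote.pdf":
        "0000000000000000000000000000000000000000000000000000000000000000",
}

if __name__ == "__main__":
    for reason, line in scan_proxy_log(PROXY_LOG):
        print(f"{reason:32} {line}")
    for path in scan_hashes(INVENTORY):
        print(f"{'sample-hash':32} {path}")
```

Matching is done on the registrable domain and its subdomains rather than on substrings, so look-alike hosts do not produce false positives, and hashes are compared case-insensitively because inventory tools differ in how they print digests. Because Formbook ships decoy domains alongside its live C2, a domain hit identifies a host that executed the payload and should be pulled for triage, not a confirmed exfiltration channel.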