General
Target: Solink quotation 001 56327 27.06.2022.xlsx
Size: 163KB
Sample: 220628-kbvmqagbcr
MD5: 8639b3fe327dffdd19d7b06f03aec4b3
SHA1: 63794504c8c28ae45c8e3be78defb5437de3a8b7
SHA256: 1b9b86b949cb2665f607902896b624fc29a185a451750c232cf88937286c1417
SHA512: 75079359e6a2bfc6279441e3d04a2047fa11d8380bad85548e84f49da8223c46dd10d7d9f44de762d8c8487d5fe091672682bc777dc9da19b82d49ac9958b6b1
Static task: static1
Behavioral task: behavioral1
Sample: Solink quotation 001 56327 27.06.2022.xlsx
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Solink quotation 001 56327 27.06.2022.xlsx
Resource: win10v2004-20220414-en
Malware Config
Extracted
formbook
4.1
ba17
Targets
Target: Solink quotation 001 56327 27.06.2022.xlsx
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext