General
-
Target
Order details.xlsx
-
Size
176KB
-
Sample
220706-qhxcsadbcj
-
MD5
36e3875fa058105bc9eedb62543d3816
-
SHA1
ee1efdb171829d12f3f2eb43a4e3321121b58397
-
SHA256
54addec2aa97b3938c4ff81ee36cb37d4d3597b3c7b81f3e8106ba35e1bcbd0b
-
SHA512
18678a33e3b3320f2e0b57484871a06cfc3a2ce2e6e4a9ab6c01c1c57664eb2e42c224cfc1f7ad78fde503699edf879156fecc1fdf63895e61e4387706ac0d53
Static task
static1
Behavioral task
behavioral1
Sample
Order details.xlsx
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Order details.xlsx
Resource
win10v2004-20220414-en
Malware Config
Extracted
formbook
4.1
s3s3
tvielotus.com
teesta.xyz
talentrecruitor.com
pamaungipb.com
xn--90ahkh6a6b8b.site
910carolina.com
toyotaecoyouth-dev.com
invetnables.com
gdexc.com
ssw168.com
householdmould.com
mqttradar.xyz
t333c.com
thepausestudio.com
evershedsutherlands.com
asbdataplus.com
preddylilthingz.com
jepwu.com
tvlido.com
artovus.com
trainingmagazineme.com
rettar.net
underneathstardoll.com
babipiko21.site
getvpsdime.com
accentsfurniture.com
cutdowns.tech
teklcin.online
sunshareesg.com
eventrewards.site
lacomunaperu.com
a-tavola.online
gshund.com
monsterflixer.com
896851.com
carpetlandcolortileflint.com
filmproduction.management
cherie-clinique.com
medjoker.com
grant-helpers.site
sussdmortgages.com
solaranlagen-forum.com
freecustomsites.com
h7578.com
ideadly.com
backend360.com
podgorskidesign.com
zilinsky.taxi
ourelevatetribe.com
thefitnesswardllc.com
eficazindustrial.com
thecovefishcamp.com
niuxy.com
myluxurypals.com
clinicadentalvelinta.com
dis99.com
crosswealth.xyz
itopjob.com
oandbcleaningservices.com
afri-solutions.com
paradiseoe.com
versionespublicas.com
b2lonline.com
usdcmeta.xyz
bense003.xyz
Targets
-
-
Target
Order details.xlsx
-
Size
176KB
-
MD5
36e3875fa058105bc9eedb62543d3816
-
SHA1
ee1efdb171829d12f3f2eb43a4e3321121b58397
-
SHA256
54addec2aa97b3938c4ff81ee36cb37d4d3597b3c7b81f3e8106ba35e1bcbd0b
-
SHA512
18678a33e3b3320f2e0b57484871a06cfc3a2ce2e6e4a9ab6c01c1c57664eb2e42c224cfc1f7ad78fde503699edf879156fecc1fdf63895e61e4387706ac0d53
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Formbook Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-