General
Target: ce60eac9955b4024e75b0fe7c3f5114c75c6beec8d5da1d1b0341659fdaacffb.doc
Size: 925KB
Sample: 220706-tsrrtsegbm
MD5: ded902874fc3f5a79fef983cff9f4b3d
SHA1: 61e28a4ae7d38458abd251a202a21ea31af2c264
SHA256: ce60eac9955b4024e75b0fe7c3f5114c75c6beec8d5da1d1b0341659fdaacffb
SHA512: 1421b04298497abc59ee034633d70660ff11d603ab8bbf7e214bde4d0515e82bb68554f96b0eb9f25263762c817138c2b4d832cc6fdfc2acd77146529f6e2ede

Static task: static1

Behavioral task: behavioral1
Sample: ce60eac9955b4024e75b0fe7c3f5114c75c6beec8d5da1d1b0341659fdaacffb.rtf
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: ce60eac9955b4024e75b0fe7c3f5114c75c6beec8d5da1d1b0341659fdaacffb.rtf
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: po23
C2 domains:
jacknull.xyz
commonellc.com
topnotchconstructor.com
thescienceofrecruiting.com
bellydancer.company
iforyo.com
hotgirlsseeking24.online
pelleycivil.com
plumblersnearme.com
helpfundabortionohio.com
wineandview.com
youfather.xyz
xsjxly.com
bnfconsults.com
apeholder.com
oldbutterflyevict.space
nara-happylife.com
frontmountedattachments.com
polizzastore.com
bettor-weather.com
vivisportshoes.com
vpsyxney.com
metaphysicalbiohacker.com
web-kontor-hamburg.com
419car.com
o-vertbastiais.com
handsofchia.com
sherispeakssocial.com
idola88.win
layeredbylayne.com
makoto-car.com
bufordsinglestoryhomeslist.com
grow-wings.net
honey-clothing.net
houseofdavidonline.com
aaahp.xyz
20gotas.com
hdamxpj.com
redirect53v.direct
gctomoney.com
dgluxuries.com
023xqbj.com
exulthome.com
chuanghuisz.net
sarvesh.land
squadly.net
universityofwinchester.com
rainbowranchojai.com
hookcrafty.com
jesusdosreis.com
grumfez.online
xaruilan.com
reindeer-exist.com
scarecrowdriver.com
mindamics.com
aqgree.com
fcsbssb.com
hautewired.com
shareingale.com
saborrumbero.com
virtualmichigan.xyz
meranti.pro
cavarma.com
liamhold.com
uscreditgroup.xyz
Targets

Target: ce60eac9955b4024e75b0fe7c3f5114c75c6beec8d5da1d1b0341659fdaacffb.doc
Size: 925KB
MD5: ded902874fc3f5a79fef983cff9f4b3d
SHA1: 61e28a4ae7d38458abd251a202a21ea31af2c264
SHA256: ce60eac9955b4024e75b0fe7c3f5114c75c6beec8d5da1d1b0341659fdaacffb
SHA512: 1421b04298497abc59ee034633d70660ff11d603ab8bbf7e214bde4d0515e82bb68554f96b0eb9f25263762c817138c2b4d832cc6fdfc2acd77146529f6e2ede

Signatures
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook Payload
- ModiLoader Second Stage
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext