General
-
Target
KOC BQ-2022-PROC-SI-68.xlsx
-
Size
110KB
-
Sample
220725-k45ndsbgej
-
MD5
21889c7c54d86bd8b3e376a8f23e068c
-
SHA1
433870de72541bf95aa33bdd8d03f7039a30e853
-
SHA256
cc5b8184b5f785130a42a53b8600a5d12721f49ee6949d93e3a3722f98604135
-
SHA512
9fc8f6f489a9b13e2fef8a52927d582e5088313a2d1ea35097ab40fea68b949c337bb26f08fac97b981896e7e45c72dc4fbf06d9d9b046c754a5c9a5d2551df9
Static task
static1
Behavioral task
behavioral1
Sample
KOC BQ-2022-PROC-SI-68.xlsx
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
KOC BQ-2022-PROC-SI-68.xlsx
Resource
win10v2004-20220721-en
Malware Config
Extracted
Family
formbook
Version
4.1
Campaign
s4s9
Domains
qianyuandianshang.com
bernardklein.com
slhomeservices.com
findasaas.com
janellelancaster.xyz
umkpro.site
nr6949.online
mersquare.club
lanariproperties.com
3rdeyefocused.com
giftexpress8260.xyz
hilleleven.xyz
beajod.com
kosazs.online
ishare.team
mb314.com
xjjinxingda.com
ayekooprojectamazing.com
ballsybanter.com
todayshoppingbd.com
recomdietvl.store
zakladmalarstwa.com
bj-ours.com
hubwealth.com
watchmyreview.com
sallyliddicoat.com
eventiliveitalia.com
worldchannelconference.com
suciptahadi.online
ksht5566.com
topfastcashsystemwebshop.com
eyeiieyetv.com
thewarchannel.net
valorousgamers.com
vip01ytre.xyz
szec.tech
233365.xyz
specialroute.net
eugenachase.com
pikoulas.com
shorter-658423.site
win8856.com
burleyqpersianscom.com
sidetrackedmusic.com
chungketvinhomesspotlight.com
qiange.site
motconsultant.com
yottatic.com
usaprostatecenter.com
putovanjazasve.com
kozykornerpizza.com
hainpore.com
52appmj.com
albanyskylights.com
keropy.xyz
infosecrety.xyz
ethlogo.com
labohack.com
veridiumid.xyz
gaylebong.com
rsmegastore.com
janschlesinger.com
cshong-ya.com
shopevix.com
preciousssllc.net
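The config block above is the most reusable part of this report, so here is an added example (not part of the sandbox output) that turns it into detection artifacts: it parses the flattened report text into an IOC record with the hashes and the FormBook family/version/campaign, emits one Suricata 6+ `dns.query` rule per listed domain, and checks constructed DNS telemetry against the list. The embedded report copy is truncated to the first eight domains to keep the block short; pasting the full list in its place changes nothing else. The SID range, host names and process names are hypothetical. One caveat a responder needs: FormBook's embedded list mixes decoy domains with its live C2 and the bot contacts several of them per beacon cycle, so a hit on this list is a pivot point (which process on which host asked), not proof that the domain itself is malicious.

```python
"""Turn the extracted FormBook config and file hashes from the report into
detection artifacts: a JSON IOC record, Suricata DNS rules, and a lookup
over DNS telemetry."""
import json
import re
from itertools import takewhile

# Constructed inline copy of the report fields above. Only the first eight
# extracted domains are included for brevity; paste the full list here.
REPORT_TEXT = """\
Target
KOC BQ-2022-PROC-SI-68.xlsx
MD5
21889c7c54d86bd8b3e376a8f23e068c
SHA1
433870de72541bf95aa33bdd8d03f7039a30e853
SHA256
cc5b8184b5f785130a42a53b8600a5d12721f49ee6949d93e3a3722f98604135
Malware Config
Extracted
formbook
4.1
s4s9
qianyuandianshang.com
bernardklein.com
slhomeservices.com
findasaas.com
janellelancaster.xyz
umkpro.site
nr6949.online
mersquare.club
Targets
"""

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")


def parse_report(text):
    """Pull file name, hashes and the FormBook config out of the flattened report."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]  # drop the '-' separators
    ioc = {"target": None, "hashes": {}, "family": None, "version": None,
           "campaign": None, "domains": []}
    for k, ln in enumerate(lines[:-1]):
        if ln == "Target" and ioc["target"] is None:
            ioc["target"] = lines[k + 1]
        elif ln in HASH_LENGTHS and ln.lower() not in ioc["hashes"]:
            value = lines[k + 1].lower()
            # Reject truncated or mistyped digests before they reach a blocklist.
            if len(value) != HASH_LENGTHS[ln] or not re.fullmatch(r"[0-9a-f]+", value):
                raise ValueError(f"malformed {ln}: {value}")
            ioc["hashes"][ln.lower()] = value
    # The config is three scalar lines (family, version, campaign) followed by
    # the domain list, which runs until the first line that is not a domain.
    start = lines.index("Extracted") + 1
    ioc["family"], ioc["version"], ioc["campaign"] = lines[start:start + 3]
    ioc["domains"] = list(takewhile(DOMAIN_RE.match, lines[start + 3:]))
    return ioc


def suricata_dns_rules(ioc, sid_base=9000001):
    """One Suricata 6+ dns.query rule per domain. The dotprefix transform plus
    endswith matches the domain and its subdomains but not 'notexample.com'.
    sid_base is a hypothetical local SID range; adjust to your own."""
    rules = []
    for n, domain in enumerate(sorted(set(ioc["domains"]))):
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"FormBook {ioc["campaign"]} '
            f'config domain {domain}"; dns.query; dotprefix; content:".{domain}"; '
            f'nocase; endswith; classtype:trojan-activity; sid:{sid_base + n}; rev:1;)'
        )
    return rules


def match_dns(events, ioc):
    """Return events whose query is a listed domain or a subdomain of one
    (same semantics as the Suricata rules above). Treat hits as leads to
    pivot on, since the list also contains decoys."""
    listed = set(ioc["domains"])
    hits = []
    for ev in events:
        q = ev["query"].lower().rstrip(".")
        if q in listed or any(q.endswith("." + d) for d in listed):
            hits.append(ev)
    return hits


# Constructed DNS telemetry with hypothetical hosts/processes, not from the report.
SAMPLE_DNS_EVENTS = [
    {"host": "ws-17", "process": "EXCEL.EXE", "query": "www.bernardklein.com"},
    {"host": "ws-17", "process": "EXCEL.EXE", "query": "www.microsoft.com"},
    {"host": "ws-23", "process": "chrome.exe", "query": "notbernardklein.com"},
    {"host": "ws-23", "process": "chrome.exe", "query": "umkpro.site"},
]


def ioc_json(ioc):
    """Serialise the record for sharing (stable key order for diffing)."""
    return json.dumps(ioc, indent=2, sort_keys=True)


if __name__ == "__main__":
    cfg = parse_report(REPORT_TEXT)
    print(ioc_json(cfg))
    print("\n".join(suricata_dns_rules(cfg)))
    for ev in match_dns(SAMPLE_DNS_EVENTS, cfg):
        print("HIT", ev)
```

The DNS rules deliberately key on the query name rather than on the checkin URI the ET signature uses, so they fire on the resolver side even when the HTTP session is not visible; pair them with the process that issued the lookup (Sysmon event 22 or an EDR DNS record) before acting on a single match.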
Targets
-
Target
KOC BQ-2022-PROC-SI-68.xlsx (size and hashes as listed under General)
-
suricata: ET MALWARE FormBook CnC Checkin (GET) (reported twice; the report ran two behavioral tasks)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile (reported twice; the report ran two behavioral tasks)
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-