General
Target: a484105defae733d7099ebd959a828d1
Size: 27KB
Sample: 220922-2bepyacdg9
MD5: a484105defae733d7099ebd959a828d1
SHA1: c0345a9bd3576aa90a02d3bc665ccaffd4f64f72
SHA256: 48d796a071618c584689b8f128a60b05411c1caf71cb98fb0cc813937978262b
SHA512: 43693229f6691e16b5769ca2f861b7e2b60894e9a40c220459b2bce335ef0f7a06ae260b739ad314f7edd1cbd9d07c0780b8e8006b24665bb338394602173a6f
SSDEEP: 768:mQTPVCU6Ji2JJiH5ulryR4xDP162gzCh4BF1c:WoRCj1D4CCXc
Behavioral task: behavioral1
Sample: Order No- CW289170-A & CW201.docx
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: Order No- CW289170-A & CW201.docx
Resource: win10v2004-20220901-en
Malware Config
Extracted: http://1806450061/...----------------------.................-----------------------......-------/............390.doc
Extracted: formbook
Version: 4.1
Campaign: sde7
Domains:
lolfilmfestival.com
pousdaobosque.com
tangierfilm.com
valuedassist.com
qcrluxuryrentals.com
poc4cloudx.com
irizh.art
flowsever.com
serios-lifestyle.com
abc-diomain.com
bmwoemwarehouse.com
vivelamoda.com
thesycorax.online
goodjob129.com
hudyeanamaze.com
pabcp.com
millennialworkouts.com
gpcr-compound-library.com
rotyupin.xyz
hnkcsm.com
tgcsi.com
atfirstbank.com
kk-casemanagement.com
holiie.online
collier-secret-sept-cieux.com
evibnb.com
bestfortherest.icu
courier-order.info
hrcpetrol.com
impresaallitaliana.com
primaldirective.com
ezpromolink.com
stgilesjms.co.uk
bolometrics.com
pura-vida-apts.com
mumbaitowingservice.com
coloradomicrogreens.net
wallarts.space
yahtjd.com
digitalkreativeco.com
skopeintechnology.com
casalindatabletop.com
handmadebeauty.net
thc-olie-shop.store
xel-toys.com
youngqueen.club
maltepeescort.club
weylanstroic.xyz
kingdombuilders-group.com
strange-ratings.com
yuma-airbox.com
biuysjcims.icu
itsourworld.biz
seobet.online
decisionsandplanning.com
blanka.beauty
hsbanye.com
2elevenmezcal.co.uk
liveoutloud4u.com
ronlynngardens.com
resorttag.com
marcelldiahwedding.faith
ez-lyfe.net
celebrityauctions.net
paidpertv.biz
Targets

Target: Order No- CW289170-A & CW201.docx
Size: 10KB
MD5: f4c5e11473a31d7fd0151e8e8683f21f
SHA1: a7fa06063b79ed4c06bae700037acc76b25a3910
SHA256: 63fe91092f04f3f6aabadb33860c0816ac70ec80a335361096126a2d0246e501
SHA512: 5fb8d76c3d0c08ce190e5bfe46c985ae010632be08263956e0c74c71c72e5af5280dc52b467a6b2b179eb6a6e094634004458b256d3d69ed8e5bd0a586487b07
SSDEEP: 192:ScIMmtPf+CUG/bA3/w2OHrdlJFmQDZ7rhhap308Z:SPXumAOHjJFmIZfhMFJ

- Formbook payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext