General
- Target: SecuriteInfo.com.Exploit.ShellCode.69.16531.4903.rtf
- Size: 14KB
- Sample: 220923-en37qshacp
- MD5: 0a15ee96cad434726960422d629063c5
- SHA1: b46ca3d9e2daf5b200453b991ea9cc294aa06e35
- SHA256: 5a6fcfcd7ef3d202d078f89b474640057b1c18ea5a600869bb512aa91dcea79d
- SHA512: 045b7ca80d6f5d94ee60b908f53180f141825af0782ba447ec1094092f08a0a557863a573c902699652a1c9d1d6693e611e9ab19907001dd8c85b59161699bcc
- SSDEEP: 192:aGUiYNyinwxoeFeInaJSZ0kxP+zfmCvTtzrj5FYgETJCmIJmLF1cf6oMmhEqm:lUpsbpnaAZ0kV0rx3bkemhu6oLEqm
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Exploit.ShellCode.69.16531.4903.rtf
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Exploit.ShellCode.69.16531.4903.rtf
- Resource: win10v2004-20220812-en
Malware Config (extracted)
- Family: formbook
- Version: 4.1
- Campaign: sde7
- Decoy domains:
Targets
- Target: SecuriteInfo.com.Exploit.ShellCode.69.16531.4903.rtf
- Formbook payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext