General
-
Target
PO # 4500027483.xlsx
-
Size
1.2MB
-
Sample
221121-nxvrdsha33
-
MD5
aafbd247a537ed0e95fcc127875f6ccf
-
SHA1
6f6c8c5666cb3f3192079c1eed590bda27b13671
-
SHA256
62b23fa36d6f36c155339eaf037ac87d0117772ee9283a2d3977f006266e7a18
-
SHA512
720299581abbb132a2a551b09b7fb96dea6ce5cb84d1079a46247049a32cdc67574e83a74472c671ec38af52bc004522b186d30cba8f03591cc3ba2ed436eac4
-
SSDEEP
24576:5GWnHBcAkGQuaFWOo1EfT4vMP1igWYzbQ1GuiBeYoXH3ggc9dv29EJa:5nhcAhQuL1EVdWY4SLKggc9B2Ea
Static task
static1
Behavioral task
behavioral1
Sample
PO # 4500027483.xlsx
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
PO # 4500027483.xlsx
Resource
win10v2004-20221111-en
Malware Config
Extracted
formbook
4.1
h3ha
Targets
-
-
Target
PO # 4500027483.xlsx
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-