General
-
Target
SOA.xlsx
-
Size
1.7MB
-
Sample
221122-h2tr1adf76
-
MD5
6d0ffda3d403e12607337606c8247225
-
SHA1
7443723afdd701a4b381ff07994728044c865b12
-
SHA256
075f8ce203bde3729623ea42defc5f6308741f4865c3b4f50cc50d9b3b256bcf
-
SHA512
97bebc571a38a6500351408deec7c72f3db28ca00fc73b15c7f96303e3e4430fd4cef9e624029a28f55e75d70c37da7d287f77f4c513224d5bb1827e25d56807
-
SSDEEP
49152:6yr5O9tOjxHHDoS2rsVnmQsfr6ijGG0Weynbkpr:DY9tOjxHHDoS7Kr6tkH2r
Static task
static1
Behavioral task
behavioral1
Sample
SOA.xlsx
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
SOA.xlsx
Resource
win10v2004-20220812-en
Malware Config
Extracted
formbook
4.1
sk19
21diasdegratitud.com
kx1993.com
chasergt.com
837news.com
naturagent.co.uk
gatorinsurtech.com
iyaboolashilesblog.africa
jamtanganmurah.online
gguminsa.com
lilliesdrop.com
lenvera.com
link48.co.uk
azinos777.fun
lgcdct.cfd
bg-gobtc.com
livecarrer.uk
cbq4u.com
imalreadygone.com
wabeng.africa
jxmheiyouyuetot.tokyo
atrikvde.xyz
ceopxb.com
autovincert.com
18traversplace.com
internetmedianews.com
entersight.net
guzmanshandymanservicesllc.com
gqqwdz.com
emeraldpathjewelery.com
flowmoneycode.online
gaziantepmedicalpointanket.com
111lll.xyz
irkwood138.site
abovegross.com
shopabeee.co.uk
greenvalleyfoodusa.com
dd-canada.com
libertysminings.com
baronsaccommodation.co.uk
kareto.buzz
freeexercisecoalition.com
73129.vip
avanteventexperiences.com
comercialdiabens.fun
nondescript.uk
facal.dev
detox-71934.com
kovar.club
jetsparking.com
infocuspublicidad.com
xxhcom.com
indianvoltage.com
becrownedllc.com
3744palosverdes.com
gospelnative.africa
linkmastermind.com
cotgfp.com
lousweigman.com
cantoaffine.online
debbiepatrickdesigns.com
766626.com
webcubemedia.africa
autonomaat.com
hannahmarsh.co.uk
justbeand.com
Targets
-
-
Target
SOA.xlsx
-
Size
1.7MB
-
MD5
6d0ffda3d403e12607337606c8247225
-
SHA1
7443723afdd701a4b381ff07994728044c865b12
-
SHA256
075f8ce203bde3729623ea42defc5f6308741f4865c3b4f50cc50d9b3b256bcf
-
SHA512
97bebc571a38a6500351408deec7c72f3db28ca00fc73b15c7f96303e3e4430fd4cef9e624029a28f55e75d70c37da7d287f77f4c513224d5bb1827e25d56807
-
SSDEEP
49152:6yr5O9tOjxHHDoS2rsVnmQsfr6ijGG0Weynbkpr:DY9tOjxHHDoS7Kr6tkH2r
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-