General
Target: SecuriteInfo.com.Exploit.CVE-2018-0798.4.25561.19599.rtf
Size: 2KB
Sample: 221123-ml5a1sed72
MD5: 4b14561c9f2621d61539efcf95bc9005
SHA1: 395f327ba50f436bf3b92d54252d2641743e23f6
SHA256: d7f8ae465ac4eaca7c6a61818c3350a613d1a8dadb3d26b5e58b4150be145fac
SHA512: 784619dbc5b9fcefcecfc1e3f56341f3095c8cf9a23b1531853d5af354c94371bd7dc66f23f7cb30732c81f69a7de9a8ce6eb329bb918bdd0d9e79390b73deda
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Exploit.CVE-2018-0798.4.25561.19599.rtf
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Exploit.CVE-2018-0798.4.25561.19599.rtf
Resource: win10v2004-20220812-en
Malware Config
Extracted
formbook
4.1
lt63
fortrantelecom.africa
ffafa.buzz
bullybrain.com
ekeisolutions.com
lamiamira.com
noahsark.xyz
beautyby-eve.com
cloudfatory.com
12443.football
hataykultur.online
donqu3.sexy
breakthroughaustralia.com
havengpe.com
cpxlocatup.info
corefourpartners.com
amonefintech.com
thithombo.africa
bassmaty.store
fdshdsr.top
lifesoapsimple.com
divaproportugal.com
footwearbags.com
ivbusinessservices.com
93215.vip
livescorenona123.online
ablulu109.xyz
chuyunfang.com
fogofwar.quest
weimingpian.net
getmowico.com
hability.xyz
brightmachineary.com
precious-sawdaa.com
nochewing.net
fruihcon.xyz
hue-fame.com
egordizain.ru
tutastrading.africa
deansroofingandconstruction.com
arabianroadstech.com
family-doctor-41501.com
233969.com
9898svip1.com
yonggunkim.net
illminded.com
gemlikguventasevdeneve.com
fiberlazertamir.com
kimia.boo
skinnectar.uk
leve-tech.co.uk
just3pages.com
wristnoe.co.uk
e-suxiu.com
evri-deiivery.com
storageredbox.net
grdpy.com
darkblissclothing.com
functionful.com
bestinvestorcorporation.info
com-prostaclear.com
91yqm.com
districthvacs.com
floridasoftware.biz
cocredcaixaaqui.com
gooqoo.xyz
Targets
Target: SecuriteInfo.com.Exploit.CVE-2018-0798.4.25561.19599.rtf
Size: 2KB
MD5: 4b14561c9f2621d61539efcf95bc9005
SHA1: 395f327ba50f436bf3b92d54252d2641743e23f6
SHA256: d7f8ae465ac4eaca7c6a61818c3350a613d1a8dadb3d26b5e58b4150be145fac
SHA512: 784619dbc5b9fcefcecfc1e3f56341f3095c8cf9a23b1531853d5af354c94371bd7dc66f23f7cb30732c81f69a7de9a8ce6eb329bb918bdd0d9e79390b73deda
Formbook payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext