General
Target: PI.xls
Size: 572KB
Sample: 221125-nlj6hsgg6z
MD5: bb4c1fc0513552cb4a5845d8acad983c
SHA1: 176b67e99bb252345bf71b30e909a47f6f95333d
SHA256: 9eb2b7acb3ab10e79a731f59d8cb0674cdaeff303db290a18e86d808d0aeb6ca
SHA512: d6c0db3f2bb3bc1fcdf2f3dd42f7e8f4971b1163c219e7482734ca8feca0d2211fa0089096d0cf3a093b076898b4b260b8e48f271a27e75cff592744b47f0ace
SSDEEP: 12288:l5UMHq/88o5zJOcVLEP9iEtHlifM9fGaHC:l2M2C5zJwbtHv9fGa
Behavioral task
Task: behavioral1
Sample: PI.xls
Resource: win7-20220901-en

Malware Config
Extracted family: formbook
Version: 4.1
Campaign: nurs
Targets
Target: PI.xls (572KB; hashes as listed under General)
- Formbook payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext