General
-
Target
8340F192A38F93E6AD8FC515505E2D2A9D8B0457E3F2D684A60BA292AA8C1CD0
-
Size
813KB
-
Sample
221130-epz7gahh9y
-
MD5
3c8761ae223c4e16060ec46b42d46ca6
-
SHA1
e52161319d8a16f308912d3fcfe834c31de4a411
-
SHA256
8340f192a38f93e6ad8fc515505e2d2a9d8b0457e3f2d684a60ba292aa8c1cd0
-
SHA512
13daa66c63c13ac557243ce7c0ed4fead59940411ed53686627fef16d8021d85243abcfa999e96c70a44b50cc292bd97a0c0f402979cfefda6a6fff547bd14b0
-
SSDEEP
24576:qinr5XXXXXXXXXXXXUXXXXXXXSXXXXXXXX4m+r5XXXXXXXXXXXXUXXXXXXXSXXXn:8QX1FU
Static task
static1
Behavioral task
behavioral1
Sample
8340F192A38F93E6AD8FC515505E2D2A9D8B0457E3F2D684A60BA292AA8C1CD0.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
8340F192A38F93E6AD8FC515505E2D2A9D8B0457E3F2D684A60BA292AA8C1CD0.xls
Resource
win10v2004-20220812-en
Malware Config
Extracted
formbook
4.1
b3es
Targets
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-