General
-
Target
Quotation.xls
-
Size
813KB
-
Sample
221130-w2mwcagd4w
-
MD5
c196268a0bbe6cb62aa9a304e2a5eb89
-
SHA1
a6621f62281c559c0ca622ac64a9330d540a1cea
-
SHA256
6f01ffd758dbda45a940a7f396fc02e29d10ea1cba8d0dbc03f3902e97821c85
-
SHA512
03ea89f7cb5a22d29f93b6175892bdd1a6c257edf259fc7b040634d5336ec4757c166ec2f4828de714ff22c4ab34f87296339bf850148554a3d636e50d4ac8e7
-
SSDEEP
24576:EcRFr5XXXXXXXXXXXXUXXXXXXXSXXXXXXXXpmYr5XXXXXXXXXXXXUXXXXXXXSXXN:Hw5DI
Static task
static1
Behavioral task
behavioral1
Sample
Quotation.xls
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Quotation.xls
Resource
win10v2004-20221111-en
Malware Config
Extracted
formbook
4.1
g2fg
snowcrash.website
pointman.us
newheartvalve.care
drandl.com
sandspringsramblers.com
programagubernamental.online
boja.us
mvrsnike.com
mentallyillmotherhood.com
facom.us
programagubernamental.store
izivente.com
roller-v.fr
amazonbioactives.com
metaverseapple.xyz
5gt-mobilevsverizon.com
gtwebsolutions.co
scottdunn.life
usdp.trade
pikmin.run
cardano-dogs.com
bf2hgfy.xyz
teslafoot.com
rubertquintana.com
wellsfargroewards.com
santel.us
couponatonline.com
theunitedhomeland.com
pmstnly.com
strlocal.com
shelleysmucker.com
youser.online
emansdesign.com
usnikeshoesbot.top
starfish.press
scotwork.us
metamorgana.com
onyxbx.net
rivas.company
firstcoastalfb.com
onpurposetraumainformedcare.com
celimot.xyz
jecunikepemej.rest
lenovolatenightit.com
unitedsterlingcompanyky.com
safety2venture.us
facebookismetanow.com
scottdunn.review
mentallyillmotherhood.com
firstincargo.com
vikavivi.com
investmenofpairs.club
nexans.cloud
farcloud.fr
ivermectinforhumans.quest
5gmalesdf.sbs
majenta.info
6vvvvvwmetam.top
metafirstclass.com
firstcoinnews.com
btcetffutures.online
funinfortmyers.com
mangoirslk.top
metaversebasicprivacy.com
blancheshelley.xyz
Targets
-
-
Target
Quotation.xls
-
Size
813KB
-
MD5
c196268a0bbe6cb62aa9a304e2a5eb89
-
SHA1
a6621f62281c559c0ca622ac64a9330d540a1cea
-
SHA256
6f01ffd758dbda45a940a7f396fc02e29d10ea1cba8d0dbc03f3902e97821c85
-
SHA512
03ea89f7cb5a22d29f93b6175892bdd1a6c257edf259fc7b040634d5336ec4757c166ec2f4828de714ff22c4ab34f87296339bf850148554a3d636e50d4ac8e7
-
SSDEEP
24576:EcRFr5XXXXXXXXXXXXUXXXXXXXSXXXXXXXXpmYr5XXXXXXXXXXXXUXXXXXXXSXXN:Hw5DI
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-