General
-
Target
PO9204-11302022.xls
-
Size
1.1MB
-
Sample
221201-ms4m3aaf64
-
MD5
20b8376e0465826f46f496000277a4ed
-
SHA1
08f23abd24ba6db96de8b42851704d8ca0403c2c
-
SHA256
d0338a4aee47cbb726a76b063b3a7073d6f27aa4797115c86ff002be81a66457
-
SHA512
a76ab2f0bb4d947f8b5dc6416539c2979b089fb5dd9f894aaf47e73117789de1f35efaee6cc3add3d111e63d02c89299370fb34d6d3563ffa5955b12da80f153
-
SSDEEP
24576:W6Qr5XXXXXXXXXXXXUXXXXXXXSXXXXXXXXWmHr5XXXXXXXXXXXXUXXXXXXXSXXX0:t3o6dg8uPo
Static task
static1
Behavioral task
behavioral1
Sample
PO9204-11302022.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
PO9204-11302022.xls
Resource
win10v2004-20220812-en
Malware Config
Extracted
formbook
4.1
dv22
ivk-muc.com
theplantgranny.net
efefefficient.buzz
car-deals-87506.com
yangcongzhibo.net
empiralventures.com
latexpillo.com
ferramentafivizzanese.shop
kx1553.com
timamollo.africa
paran6787.net
fabicilio.online
kreativnettchen.shop
manakamana.co.uk
andreapeverelli.shop
jianf.site
kmqan.xyz
aoshilang.com
dnsmctmu.com
pumpkinsmp.net
mixloaded.africa
cunhuatv0.xyz
thedreamrun.co.uk
ldkj9d8.vip
hairtransplant-turkey.com
6635.global
convergeonart.com
ichwillstillen.com
thelivinglovedco.com
whybereasonable.com
fransizrivierasi.com
base2mexico.com
igniteadventureandwellness.com
tradeinclusive.africa
flyingsardine.uno
freziatextile.ru
icimke.com
tubefuckme.net
csvillage.net
dripcentral.shop
idfmusic.com
eyeintheskysecurity.co.uk
ewa-lab.tech
longpostaltubes.co.uk
bee-win.com
disrae.com
haoi111.com
e-curlibrium.com
digiturkrizebayi.com
mrbenmultilinks.africa
gszxtyl.xyz
foresightgroup.africa
metamallmarketplace.com
tobyno.co.uk
asgstafffing.com
kittycatkingdom.shop
amqp.xyz
bayb.boo
landmarkcityguide.com
dististicks.com
tubeporn4k.net
europeaceducation.net
hash2earn.com
jiwuke.com
obgista.africa
Targets
-
-
Target
PO9204-11302022.xls
-
Size
1.1MB
-
MD5
20b8376e0465826f46f496000277a4ed
-
SHA1
08f23abd24ba6db96de8b42851704d8ca0403c2c
-
SHA256
d0338a4aee47cbb726a76b063b3a7073d6f27aa4797115c86ff002be81a66457
-
SHA512
a76ab2f0bb4d947f8b5dc6416539c2979b089fb5dd9f894aaf47e73117789de1f35efaee6cc3add3d111e63d02c89299370fb34d6d3563ffa5955b12da80f153
-
SSDEEP
24576:W6Qr5XXXXXXXXXXXXUXXXXXXXSXXXXXXXXWmHr5XXXXXXXXXXXXUXXXXXXXSXXX0:t3o6dg8uPo
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-