General
-
Target
New Order.xls
-
Size
1.5MB
-
Sample
221205-hhg9vseb94
-
MD5
3237c103d03b7c263d368b07aaf276bc
-
SHA1
e0b3781099faef365d896f9720e2e1b2f8f8e52e
-
SHA256
77a2cddd040aee769ad6a806b24f4e1be3228a8477a66aab39664c6b4b1fc6bf
-
SHA512
8072de5c5af1a8d15353abf36a1e89145a36e283acf972c056d025ec1d3cb1a3a2dc19690e97c6854cab6d747b888063f50d921cb50a02e9341a326ae8f04e1a
-
SSDEEP
24576:zzxXXXXXXXXXXXXUXXXXXXXXXXXXXXXXDFmOYr5XXXXXXXXXXXXUXXXXXXXrXXXZ:k71dXpCkzl
Static task
static1
Behavioral task
behavioral1
Sample
New Order.xls
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
New Order.xls
Resource
win10v2004-20221111-en
Malware Config
Extracted
formbook
4.1
do25
Targets
-
-
Target
New Order.xls
-
Size
1.5MB
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-