General
Target: Revised PO1KT762000.xls
Size: 1.5MB
Sample: 221205-hhgy4aeb93
MD5: 843c4da4aee00e6b09c25094ea9d58d3
SHA1: 1d28b92e837b25bd521fd6658380284112a2ceb3
SHA256: 12d9f677ce3ebfccf60ffa363ee78d8de4e7846f1511a67c25b84bdcb25edad7
SHA512: e9f34a1f7804a28f97f8cf1dad95ed1c4b2a664b53e61b4ffbc1bd3d9aa8f7c51b85c29b204493806696d04fb4e4c88b434f443646cfb4352f6eb935f955aaab
SSDEEP: 24576:ZzxXXXXXXXXXXXXUXXXXXXXXXXXXXXXXDvmV8r5XXXXXXXXXXXXUXXXXXXXrXXXZ:64oMXXtnYCX
Static task: static1
Behavioral task: behavioral1
Sample: Revised PO1KT762000.xls
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: Revised PO1KT762000.xls
Resource: win10v2004-20220901-en
Malware Config
Extracted
formbook
4.1
dv22
Targets
Target: Revised PO1KT762000.xls (size and hashes as listed under General)
- Formbook payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext