General
-
Target
SecuriteInfo.com.Exploit.CVE-2018-0798.4.27084.13530.rtf
-
Size
4KB
-
Sample
221206-pyg3cscg7t
-
MD5
c746fc38543961ccceb2d8479563eb24
-
SHA1
bdcd20367cf10fba4e469fd7686f5954bf059bb0
-
SHA256
90e73df4afa607e8067725397493c2781c69b1c2afa6e155c262ee90cb6e3a79
-
SHA512
8ecc5025be36392d874e70e6fc1188584bfc5ed64aed628ddb9d5e384b15353f5bead449d9bbb29e7816b4f585a97462eea865c5d6b1e84dc99495ce5964260e
-
SSDEEP
96:FtnJKExwV6jHtAFNo02KG2VHWGRr2juUes5wO5IUfMAWf4FjJiJsh:Flb06jHmi02d2dZrSrlSO5IUfMAogjJB
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.CVE-2018-0798.4.27084.13530.rtf
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.CVE-2018-0798.4.27084.13530.rtf
Resource
win10v2004-20221111-en
Malware Config
Extracted
formbook
4.1
wh23
ow9vyvfee.com
alvis.one
mutantgobz.claims
plynofon.com
southofkingst.store
nuvidamedspa.com
coffeeforyou56.com
opaletechevents.com
momobar.life
abcmousu.com
learnicd-11.com
tipokin.xyz
kahvezevki.com
suratdimond.com
oldartists.best
infoepic.info
mattresslabo.com
skarlmotors.com
cl9319x.xyz
med49app.net
vivarellistaging2.com
gwnv.link
ogurecsbatvoi-7.online
littlelionplaycafe.com
floridaindianrivergeoves.com
eyelashacademysurrey.com
elprobetre.store
sexfan.biz
westbay.casino
carmana.store
optitude.finance
neo-hub.us
meadowwoodanimalclinic.com
ok-experts.com
magnoliabymr.com
fenomini.com
miaowu.work
skipermind.com
winstim.com
14123ninemile.com
plegablescr.com
bloommagiccbdburaliste.com
focusing-garef.com
krumobilept.com
norbercik.online
qteko.com
growupmarketingservices.com
alem-holdings.com
entreinnovator3.com
mainlydivision.space
module.live
gtrewegehwewe5.asia
jd8wme.cyou
pingacx757.com
big-teamwork.com
lesyeuxdanslespoches.com
yutighjkdfgjkd.shop
yourstoolsample.com
musntgrumble.com
jurgenremmerie.com
ebade.xyz
johnollieconstruction.com
bioprofumeria.shop
sarithebrand.com
taiguszab.online
Targets
-
-
Target
SecuriteInfo.com.Exploit.CVE-2018-0798.4.27084.13530.rtf
-
Size
4KB
-
MD5
c746fc38543961ccceb2d8479563eb24
-
SHA1
bdcd20367cf10fba4e469fd7686f5954bf059bb0
-
SHA256
90e73df4afa607e8067725397493c2781c69b1c2afa6e155c262ee90cb6e3a79
-
SHA512
8ecc5025be36392d874e70e6fc1188584bfc5ed64aed628ddb9d5e384b15353f5bead449d9bbb29e7816b4f585a97462eea865c5d6b1e84dc99495ce5964260e
-
SSDEEP
96:FtnJKExwV6jHtAFNo02KG2VHWGRr2juUes5wO5IUfMAWf4FjJiJsh:Flb06jHmi02d2dZrSrlSO5IUfMAogjJB
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-