General
-
Target
SecuriteInfo.com.Exploit.CVE-2018-0798.4.7145.26581.rtf
-
Size
7KB
-
Sample
221206-qt4w1afc2z
-
MD5
48761a16dd96c10f032b32475c748e37
-
SHA1
7dc04a878bb273a6406b68cdafeb71b62dccf1ad
-
SHA256
d213681bdb5ce1ca9f353ca5c8b6d45fca9de882b79f6e6708898096817427dd
-
SHA512
513e265766b595f9dce532209c60913e89dfe813eb4c1e0fec724c9549fe03cedb7de1aa4ec2f8505f7d9b4202ddd4fd11a2bf9d6464b0ca924a862ab02f0c0c
-
SSDEEP
192:iz9E7DX8Lu5f0FwU4b06jHmi02d2dZrSrlSO5IUfMAogjJHm:4UwKLHYGHX02sZrSr7FMAo8lm
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.CVE-2018-0798.4.7145.26581.rtf
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.CVE-2018-0798.4.7145.26581.rtf
Resource
win10v2004-20220812-en
Malware Config
Extracted
formbook
4.1
wh23
ow9vyvfee.com
alvis.one
mutantgobz.claims
plynofon.com
southofkingst.store
nuvidamedspa.com
coffeeforyou56.com
opaletechevents.com
momobar.life
abcmousu.com
learnicd-11.com
tipokin.xyz
kahvezevki.com
suratdimond.com
oldartists.best
infoepic.info
mattresslabo.com
skarlmotors.com
cl9319x.xyz
med49app.net
vivarellistaging2.com
gwnv.link
ogurecsbatvoi-7.online
littlelionplaycafe.com
floridaindianrivergeoves.com
eyelashacademysurrey.com
elprobetre.store
sexfan.biz
westbay.casino
carmana.store
optitude.finance
neo-hub.us
meadowwoodanimalclinic.com
ok-experts.com
magnoliabymr.com
fenomini.com
miaowu.work
skipermind.com
winstim.com
14123ninemile.com
plegablescr.com
bloommagiccbdburaliste.com
focusing-garef.com
krumobilept.com
norbercik.online
qteko.com
growupmarketingservices.com
alem-holdings.com
entreinnovator3.com
mainlydivision.space
module.live
gtrewegehwewe5.asia
jd8wme.cyou
pingacx757.com
big-teamwork.com
lesyeuxdanslespoches.com
yutighjkdfgjkd.shop
yourstoolsample.com
musntgrumble.com
jurgenremmerie.com
ebade.xyz
johnollieconstruction.com
bioprofumeria.shop
sarithebrand.com
taiguszab.online
Targets
-
-
Target
SecuriteInfo.com.Exploit.CVE-2018-0798.4.7145.26581.rtf
-
Size
7KB
-
MD5
48761a16dd96c10f032b32475c748e37
-
SHA1
7dc04a878bb273a6406b68cdafeb71b62dccf1ad
-
SHA256
d213681bdb5ce1ca9f353ca5c8b6d45fca9de882b79f6e6708898096817427dd
-
SHA512
513e265766b595f9dce532209c60913e89dfe813eb4c1e0fec724c9549fe03cedb7de1aa4ec2f8505f7d9b4202ddd4fd11a2bf9d6464b0ca924a862ab02f0c0c
-
SSDEEP
192:iz9E7DX8Lu5f0FwU4b06jHmi02d2dZrSrlSO5IUfMAogjJHm:4UwKLHYGHX02sZrSr7FMAo8lm
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-