General
-
Target
RFQ-SANOS-TENDER DOCUMENT_specifications001.doc
-
Size
9KB
-
Sample
221209-mh8h9sch92
-
MD5
8f7574acf0737fc12d5019b19df45ff5
-
SHA1
12be20df9be6591cd53003cc4c9e7388a672e41c
-
SHA256
d8a5da9f780854652a37a5a4fdd812a99af1b26236adf4deac2ca38415224a8d
-
SHA512
fe935974b8de54c093a7c355db5558f10ce3d7b156bd8b835ded53dee1afe650566ac88be6ea0c9d933f1d8db287787f08e71db93b3ee56d7afb24ea38511859
-
SSDEEP
192:Xnu6W2UOd8LhywLTPG6Pw24rCKdDrAKVw3AsQ6aR3ijPWFqMw5OCjMaM:3f/UOd8Fyw3+kwr+KdrAUwwsQRR3ijp8
Static task
static1
Behavioral task
behavioral1
Sample
RFQ-SANOS-TENDER DOCUMENT_specifications001.rtf
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
RFQ-SANOS-TENDER DOCUMENT_specifications001.rtf
Resource
win10v2004-20220812-en
Malware Config
Extracted
formbook
4.1
wh23
ow9vyvfee.com
alvis.one
mutantgobz.claims
plynofon.com
southofkingst.store
nuvidamedspa.com
coffeeforyou56.com
opaletechevents.com
momobar.life
abcmousu.com
learnicd-11.com
tipokin.xyz
kahvezevki.com
suratdimond.com
oldartists.best
infoepic.info
mattresslabo.com
skarlmotors.com
cl9319x.xyz
med49app.net
vivarellistaging2.com
gwnv.link
ogurecsbatvoi-7.online
littlelionplaycafe.com
floridaindianrivergeoves.com
eyelashacademysurrey.com
elprobetre.store
sexfan.biz
westbay.casino
carmana.store
optitude.finance
neo-hub.us
meadowwoodanimalclinic.com
ok-experts.com
magnoliabymr.com
fenomini.com
miaowu.work
skipermind.com
winstim.com
14123ninemile.com
plegablescr.com
bloommagiccbdburaliste.com
focusing-garef.com
krumobilept.com
norbercik.online
qteko.com
growupmarketingservices.com
alem-holdings.com
entreinnovator3.com
mainlydivision.space
module.live
gtrewegehwewe5.asia
jd8wme.cyou
pingacx757.com
big-teamwork.com
lesyeuxdanslespoches.com
yutighjkdfgjkd.shop
yourstoolsample.com
musntgrumble.com
jurgenremmerie.com
ebade.xyz
johnollieconstruction.com
bioprofumeria.shop
sarithebrand.com
taiguszab.online
Targets
-
-
Target
RFQ-SANOS-TENDER DOCUMENT_specifications001.doc
-
Size
9KB
-
MD5
8f7574acf0737fc12d5019b19df45ff5
-
SHA1
12be20df9be6591cd53003cc4c9e7388a672e41c
-
SHA256
d8a5da9f780854652a37a5a4fdd812a99af1b26236adf4deac2ca38415224a8d
-
SHA512
fe935974b8de54c093a7c355db5558f10ce3d7b156bd8b835ded53dee1afe650566ac88be6ea0c9d933f1d8db287787f08e71db93b3ee56d7afb24ea38511859
-
SSDEEP
192:Xnu6W2UOd8LhywLTPG6Pw24rCKdDrAKVw3AsQ6aR3ijPWFqMw5OCjMaM:3f/UOd8Fyw3+kwr+KdrAUwwsQRR3ijp8
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-