General
-
Target
SecuriteInfo.com.Exploit.CVE-2018-0798.4.15898.752.rtf
-
Size
8KB
-
Sample
221209-sxg8hsgc9v
-
MD5
499022cbbd416c5ccf176ce786e21da5
-
SHA1
64dd51ccdeffd102dadcfb5808f94326a4fc4f41
-
SHA256
3c660cdbb7f8b19716a4b896d0db3b4c615a3a6946d83f43f7f547f92f923dd3
-
SHA512
baec03a6e9077c73cbb096f5ebb01423b1e880a812851515212c0eeb322486b0cd13a214b50e8bac12585a1702373d2c3ebe1572b80dee6395d000440788cddb
-
SSDEEP
192:dtY5arcM/P6wNeGHoqP6I/LBXq+8eVg/tAv+XsdNPgaRz:7Y5s136dGH53/4+PQ4fT
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.CVE-2018-0798.4.15898.752.rtf
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.CVE-2018-0798.4.15898.752.rtf
Resource
win10v2004-20220901-en
Malware Config
Extracted
formbook
4.1
wh23
ow9vyvfee.com
alvis.one
mutantgobz.claims
plynofon.com
southofkingst.store
nuvidamedspa.com
coffeeforyou56.com
opaletechevents.com
momobar.life
abcmousu.com
learnicd-11.com
tipokin.xyz
kahvezevki.com
suratdimond.com
oldartists.best
infoepic.info
mattresslabo.com
skarlmotors.com
cl9319x.xyz
med49app.net
vivarellistaging2.com
gwnv.link
ogurecsbatvoi-7.online
littlelionplaycafe.com
floridaindianrivergeoves.com
eyelashacademysurrey.com
elprobetre.store
sexfan.biz
westbay.casino
carmana.store
optitude.finance
neo-hub.us
meadowwoodanimalclinic.com
ok-experts.com
magnoliabymr.com
fenomini.com
miaowu.work
skipermind.com
winstim.com
14123ninemile.com
plegablescr.com
bloommagiccbdburaliste.com
focusing-garef.com
krumobilept.com
norbercik.online
qteko.com
growupmarketingservices.com
alem-holdings.com
entreinnovator3.com
mainlydivision.space
module.live
gtrewegehwewe5.asia
jd8wme.cyou
pingacx757.com
big-teamwork.com
lesyeuxdanslespoches.com
yutighjkdfgjkd.shop
yourstoolsample.com
musntgrumble.com
jurgenremmerie.com
ebade.xyz
johnollieconstruction.com
bioprofumeria.shop
sarithebrand.com
taiguszab.online
Targets
-
-
Target
SecuriteInfo.com.Exploit.CVE-2018-0798.4.15898.752.rtf
-
Size
8KB
-
MD5
499022cbbd416c5ccf176ce786e21da5
-
SHA1
64dd51ccdeffd102dadcfb5808f94326a4fc4f41
-
SHA256
3c660cdbb7f8b19716a4b896d0db3b4c615a3a6946d83f43f7f547f92f923dd3
-
SHA512
baec03a6e9077c73cbb096f5ebb01423b1e880a812851515212c0eeb322486b0cd13a214b50e8bac12585a1702373d2c3ebe1572b80dee6395d000440788cddb
-
SSDEEP
192:dtY5arcM/P6wNeGHoqP6I/LBXq+8eVg/tAv+XsdNPgaRz:7Y5s136dGH53/4+PQ4fT
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-