General
-
Target
invoiceDocx.wsf
-
Size
617B
-
Sample
221213-kmwzxsha41
-
MD5
48a775e6dd5d96edafaeac7d785c8d64
-
SHA1
054eb3ce87682d131b95a22741bcca35b1e1d5d1
-
SHA256
20ca052bc52642c405973b7085edbb40b22aa28d7e781dddc43760097ea58722
-
SHA512
bb6eac05b3a1fdc9b169bb8a71f44e2fafa4a95367cf07952776aa781baec46a2f231ccc3c06823aaa1f960ce18e9f0d323b3c1f54cf0d6bca3d9f6e1d857379
Static task
static1
Behavioral task
behavioral1
Sample
invoiceDocx.wsf
Resource
win7-20220812-en
Malware Config
Extracted
formbook
4.1
je14
innervisionbuildings.com
theenergysocialite.com
565548.com
panghr.com
onlyonesolutions.com
stjohnzone6.com
cnotes.rest
helfeb.online
xixi-s-inc.club
easilyentered.com
theshopx.store
mrclean-ac.com
miamibeachwateradventures.com
jpearce.co.uk
seseragi-bunkou.com
minimaddie.com
commbank-help-849c3.com
segohandelsonderneming.com
namthanhreal.com
fototerapi.online
your-download.com
klindt.one
sellerscourt.com
francoislambert.store
smokedoutvapes.co.uk
rundacg.com
flavors-and-spices-lyon.com
qifengsuo.com
sunnyislesgardens.com
tunneldutransit.com
restorecodes.website
blast4me.com
bingser.space
co-gpco.com
emporioaliwen.com
mr5g.com
abcp666.com
consulvip.net
sagaming168.info
zjpbhsuz.top
socal-labworx.com
arethaglennevents.com
rafiqsiregar.com
esgh2.com
veirdmusic.com
abzcc.xyz
8065yp.com
dronebazar.com
duetpbr.com
apartamentoslaencantada.com
digigold.info
homedecorsuppliers.com
duenorthrm.com
xmmdsy.com
ddstennessee.com
marmeluz.com
ragnallhess.com
methinelli.com
randomlymetheseer.com
magicgrowthproducts.com
shreejistudio.com
mattress-37684.com
yellyfishfilms.com
www1111cpw.com
tigermedlagroup.com
Targets
-
-
Target
invoiceDocx.wsf
-
Size
617B
-
MD5
48a775e6dd5d96edafaeac7d785c8d64
-
SHA1
054eb3ce87682d131b95a22741bcca35b1e1d5d1
-
SHA256
20ca052bc52642c405973b7085edbb40b22aa28d7e781dddc43760097ea58722
-
SHA512
bb6eac05b3a1fdc9b169bb8a71f44e2fafa4a95367cf07952776aa781baec46a2f231ccc3c06823aaa1f960ce18e9f0d323b3c1f54cf0d6bca3d9f6e1d857379
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-