General
-
Target
9e89ae3e1c950baa301e0061cbbd578b35bd9bd016afd77ed9495c70a1999956.xlsx
-
Size
947KB
-
Sample
230206-3q5qcagd83
-
MD5
06eff9fb8f6098158272b5a9ff87f0fd
-
SHA1
934dbfa6420ece2eedc1b197bb52d72a733c35f7
-
SHA256
9e89ae3e1c950baa301e0061cbbd578b35bd9bd016afd77ed9495c70a1999956
-
SHA512
fc340415e01c1f7179c071c5eece2a39ce0aa3d0b16490d550ed26ac45187b2e56354bda2abad8ae8072cf77c7e134e647bf06b0ce3c40dea5193c1b6a014ec6
-
SSDEEP
24576:9jDnTuEKc8PJ5557OvpmXgBChtuZRb5imJ7EbuZAieK:tTOJ5557OAXECHuZRbYmJ7kQeK
Static task
static1
Behavioral task
behavioral1
Sample
9e89ae3e1c950baa301e0061cbbd578b35bd9bd016afd77ed9495c70a1999956.xlsx
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
9e89ae3e1c950baa301e0061cbbd578b35bd9bd016afd77ed9495c70a1999956.xlsx
Resource
win10v2004-20220812-en
Malware Config
Extracted
formbook
4.1
vr21
Targets
-
-
Target
9e89ae3e1c950baa301e0061cbbd578b35bd9bd016afd77ed9495c70a1999956.xlsx
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-