General
-
Target
O_O.DOC
-
Size
13KB
-
Sample
230216-1w9kdabh6v
-
MD5
aedb3953dd70f03351f2cf98ed82e141
-
SHA1
6610f485d292277a4afc3b91cf09a66b51c68fc4
-
SHA256
d7e98e5c75b815ee296b523c269453efdca996595b44c6e33ea0b112f34f8b3b
-
SHA512
6ad736036664831e313012129123964ebafd192a595282cc3f1b8b47b379d8f12736e0001f1c4f4c16e2a53afa5fe70eca555dc037f8160702c3a093e0c88a49
-
SSDEEP
192:7PsNGkkB2827ZFZuEHeNs3St0zD+yMUztAVVYXOsxITpg/YqAOiTfQ/j/P:7POCk7DeNs3St25hYgOlq5awjX
Static task
static1
Behavioral task
behavioral1
Sample
O_O.rtf
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
O_O.rtf
Resource
win10v2004-20220812-en
Malware Config
Extracted
formbook
4.1
ho62
aqawonky.com
ancachsroadsideassistance.com
artologycreatlive.com
olesinfo.africa
lovebreatheandsleep.com
friendsofdragonsprings.com
homecomingmums.wiki
hg222.bet
precision-spares.co.uk
generalhospitaleu.africa
touchstone4x4.africa
dynamator.com
dental-implants-52531.com
efefear.buzz
bentonapp.net
89luxu.com
bridgesonelm.com
acesaigon.online
instantapprovals.loans
evuniverso.com
kasoraenterprises.com
instasteamer.com
granolei.com
iamavisioniar.site
beachexplo.com
ynametro.com
littlegallery-rovinj.com
27og.com
horrorcity.online
zexo.africa
perdeumane.com
drugsaddiction.co.uk
tickleyourfancy.africa
jimyhq.top
rajputnetwork.co.uk
lacuspidehn.com
bestxdenotecyby.top
gg10siyahposet.xyz
biorigin.co.uk
jye-group.com
digito.exposed
eternalstw.com
schjetne.dev
climateviking.com
easysaldoya.xyz
1233332.xyz
centerverified.online
lezzetyemekfabrikasi.com
wzshayang.com
cloudadonis.com
zxpz6.com
alifecube.com
induscontrolpcb.site
golfingineurope.com
ducksathomephotos.com
aimeesbellaboutique.com
justrebottle.com
hachettejeunesse.pro
238142.com
casabiancapanama.com
dohenydesalination.com
1-kh.com
cdhptor.xyz
island6.work
ehirtt.com
Targets
-
-
Target
O_O.DOC
-
Size
13KB
-
MD5
aedb3953dd70f03351f2cf98ed82e141
-
SHA1
6610f485d292277a4afc3b91cf09a66b51c68fc4
-
SHA256
d7e98e5c75b815ee296b523c269453efdca996595b44c6e33ea0b112f34f8b3b
-
SHA512
6ad736036664831e313012129123964ebafd192a595282cc3f1b8b47b379d8f12736e0001f1c4f4c16e2a53afa5fe70eca555dc037f8160702c3a093e0c88a49
-
SSDEEP
192:7PsNGkkB2827ZFZuEHeNs3St0zD+yMUztAVVYXOsxITpg/YqAOiTfQ/j/P:7POCk7DeNs3St25hYgOlq5awjX
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-