General
-
Target
O--O.DOC
-
Size
13KB
-
Sample
230220-phrxmaad6v
-
MD5
82d96b88479ceeb946d62e6573871988
-
SHA1
0ad70340a881c816006885caad3ac1a90a08fc37
-
SHA256
8a21b7c5efa3aa0f5d093e1e7b3da5dd7aa559266f3f68151be92036ca7f718a
-
SHA512
b426862c17d53d1ba92a08cdd20562a55cb077d7a9082557cf7fcc16042f2d2304551be274ce1d0583a422f4fc6d3e15a24648e0d569659efba7ec4a361b7bcb
-
SSDEEP
384:jhto8hBmxr8xMFagkNQBDLRiNkgR+3YO7yK9l:jhtrBMImFBiNk6+3Y0XD
Static task
static1
Behavioral task
behavioral1
Sample
O--O.rtf
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
O--O.rtf
Resource
win10v2004-20220812-en
Malware Config
Extracted
formbook
4.1
ho62
aqawonky.com
ancachsroadsideassistance.com
artologycreatlive.com
olesinfo.africa
lovebreatheandsleep.com
friendsofdragonsprings.com
homecomingmums.wiki
hg222.bet
precision-spares.co.uk
generalhospitaleu.africa
touchstone4x4.africa
dynamator.com
dental-implants-52531.com
efefear.buzz
bentonapp.net
89luxu.com
bridgesonelm.com
acesaigon.online
instantapprovals.loans
evuniverso.com
kasoraenterprises.com
instasteamer.com
granolei.com
iamavisioniar.site
beachexplo.com
ynametro.com
littlegallery-rovinj.com
27og.com
horrorcity.online
zexo.africa
perdeumane.com
drugsaddiction.co.uk
tickleyourfancy.africa
jimyhq.top
rajputnetwork.co.uk
lacuspidehn.com
bestxdenotecyby.top
gg10siyahposet.xyz
biorigin.co.uk
jye-group.com
digito.exposed
eternalstw.com
schjetne.dev
climateviking.com
easysaldoya.xyz
1233332.xyz
centerverified.online
lezzetyemekfabrikasi.com
wzshayang.com
cloudadonis.com
zxpz6.com
alifecube.com
induscontrolpcb.site
golfingineurope.com
ducksathomephotos.com
aimeesbellaboutique.com
justrebottle.com
hachettejeunesse.pro
238142.com
casabiancapanama.com
dohenydesalination.com
1-kh.com
cdhptor.xyz
island6.work
ehirtt.com
Targets
-
-
Target
O--O.DOC
-
Size
13KB
-
MD5
82d96b88479ceeb946d62e6573871988
-
SHA1
0ad70340a881c816006885caad3ac1a90a08fc37
-
SHA256
8a21b7c5efa3aa0f5d093e1e7b3da5dd7aa559266f3f68151be92036ca7f718a
-
SHA512
b426862c17d53d1ba92a08cdd20562a55cb077d7a9082557cf7fcc16042f2d2304551be274ce1d0583a422f4fc6d3e15a24648e0d569659efba7ec4a361b7bcb
-
SSDEEP
384:jhto8hBmxr8xMFagkNQBDLRiNkgR+3YO7yK9l:jhtrBMImFBiNk6+3Y0XD
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-