General
-
Target
9268130599.zip
-
Size
28KB
-
Sample
230221-yy738agd48
-
MD5
dbae219f116b00170b8b716b9dee4fd1
-
SHA1
8000dee5c1e0995354e8118a1b77cd4b950465ab
-
SHA256
ebefe507bd57a2a4b7dca27686b35b27062ec02ff9b156b2c582134e60216c7f
-
SHA512
45de12a6a884a3dfdb4ef3e95ef6cab3cba67be62e9d74d1c560ea09a579c19e0fa680a33db61bd668b8137f907b2525a66aa0055dbc53cfc20f361d1e865826
-
SSDEEP
768:7fi0ckD5tTD15mxD4Z5S6gekYf1N5pza4IN1Df+vV:7fiYTh5hZln1N5pW5I9
Static task
static1
Behavioral task
behavioral1
Sample
d53bfebaa5727190790fb0ee11028d82703c9ec84e50735248179a756ed0fd04.xls
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
d53bfebaa5727190790fb0ee11028d82703c9ec84e50735248179a756ed0fd04.xls
Resource
win10v2004-20230220-en
Malware Config
Extracted
formbook
4.1
g2fg
snowcrash.website
pointman.us
newheartvalve.care
drandl.com
sandspringsramblers.com
programagubernamental.online
boja.us
mvrsnike.com
mentallyillmotherhood.com
facom.us
programagubernamental.store
izivente.com
roller-v.fr
amazonbioactives.com
metaverseapple.xyz
5gt-mobilevsverizon.com
gtwebsolutions.co
scottdunn.life
usdp.trade
pikmin.run
cardano-dogs.com
bf2hgfy.xyz
teslafoot.com
rubertquintana.com
wellsfargroewards.com
santel.us
couponatonline.com
theunitedhomeland.com
pmstnly.com
strlocal.com
shelleysmucker.com
youser.online
emansdesign.com
usnikeshoesbot.top
starfish.press
scotwork.us
metamorgana.com
onyxbx.net
rivas.company
firstcoastalfb.com
onpurposetraumainformedcare.com
celimot.xyz
jecunikepemej.rest
lenovolatenightit.com
unitedsterlingcompanyky.com
safety2venture.us
facebookismetanow.com
scottdunn.review
mentallyillmotherhood.com
firstincargo.com
vikavivi.com
investmenofpairs.club
nexans.cloud
farcloud.fr
ivermectinforhumans.quest
5gmalesdf.sbs
majenta.info
6vvvvvwmetam.top
metafirstclass.com
firstcoinnews.com
btcetffutures.online
funinfortmyers.com
mangoirslk.top
metaversebasicprivacy.com
blancheshelley.xyz
Targets
-
-
Target
d53bfebaa5727190790fb0ee11028d82703c9ec84e50735248179a756ed0fd04
-
Size
287KB
-
MD5
8654f45ca86d45b40eda29324478b986
-
SHA1
5b48b95f25c0f2f091ecba6cefbce7dd93301e6e
-
SHA256
d53bfebaa5727190790fb0ee11028d82703c9ec84e50735248179a756ed0fd04
-
SHA512
c1358823358bd91cb45e583e51eec75453a955e12e32bdda2145dcee088f7bebc1298949f8f54c8ac9e01a533474dceefdf734a9bcd3e30b4d566cebd014ac1c
-
SSDEEP
3072:PUkZ+RwPONXoRjDhIcp0fDlaGGx+cL26nA:JZ+RwPONXoRjDhIcp0fDlavx+W26nA
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-