General
-
Target
Quotation.xls
-
Size
1.2MB
-
Sample
230306-l7yvpabf78
-
MD5
a990a6c4696a69bb5d468b3cf4f8dd6f
-
SHA1
9bda12a2d033a96727cf4fc600fc69e02d6bd98a
-
SHA256
1bcc7193617e608499c5a49a55ec343748dfcb4e6e554b8f2b1d9b6ce929962c
-
SHA512
bcc5bf35a676b130f3c936e9e43cc903c74982e1d248a859aa0f72faf65c11c58d3103400be9c6f84b1439f5d1a4689cfe224b0bb52e4cea7f8a4c96aab683df
-
SSDEEP
24576:HLKrWQmmav30xaBqaWQmmav30xnWQmmav30xgBpgWQmmav30xx69DV0RBzgfR3:HLKKQmmQ30g2QmmQ30gQmmQ30Or1QmmE
Static task
static1
Behavioral task
behavioral1
Sample
Quotation.xls
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Quotation.xls
Resource
win10v2004-20230221-en
Malware Config
Extracted
formbook
4.1
g2fg
snowcrash.website
pointman.us
newheartvalve.care
drandl.com
sandspringsramblers.com
programagubernamental.online
boja.us
mvrsnike.com
mentallyillmotherhood.com
facom.us
programagubernamental.store
izivente.com
roller-v.fr
amazonbioactives.com
metaverseapple.xyz
5gt-mobilevsverizon.com
gtwebsolutions.co
scottdunn.life
usdp.trade
pikmin.run
cardano-dogs.com
bf2hgfy.xyz
teslafoot.com
rubertquintana.com
wellsfargroewards.com
santel.us
couponatonline.com
theunitedhomeland.com
pmstnly.com
strlocal.com
shelleysmucker.com
youser.online
emansdesign.com
usnikeshoesbot.top
starfish.press
scotwork.us
metamorgana.com
onyxbx.net
rivas.company
firstcoastalfb.com
onpurposetraumainformedcare.com
celimot.xyz
jecunikepemej.rest
lenovolatenightit.com
unitedsterlingcompanyky.com
safety2venture.us
facebookismetanow.com
scottdunn.review
mentallyillmotherhood.com
firstincargo.com
vikavivi.com
investmenofpairs.club
nexans.cloud
farcloud.fr
ivermectinforhumans.quest
5gmalesdf.sbs
majenta.info
6vvvvvwmetam.top
metafirstclass.com
firstcoinnews.com
btcetffutures.online
funinfortmyers.com
mangoirslk.top
metaversebasicprivacy.com
blancheshelley.xyz
Targets
-
-
Target
Quotation.xls
-
Size
1.2MB
-
MD5
a990a6c4696a69bb5d468b3cf4f8dd6f
-
SHA1
9bda12a2d033a96727cf4fc600fc69e02d6bd98a
-
SHA256
1bcc7193617e608499c5a49a55ec343748dfcb4e6e554b8f2b1d9b6ce929962c
-
SHA512
bcc5bf35a676b130f3c936e9e43cc903c74982e1d248a859aa0f72faf65c11c58d3103400be9c6f84b1439f5d1a4689cfe224b0bb52e4cea7f8a4c96aab683df
-
SSDEEP
24576:HLKrWQmmav30xaBqaWQmmav30xnWQmmav30xgBpgWQmmav30xx69DV0RBzgfR3:HLKKQmmQ30g2QmmQ30gQmmQ30Or1QmmE
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-