General
-
Target
Quotation.xls
-
Size
1.0MB
-
Sample
230316-trytraea6t
-
MD5
37481dd391b76ee993eeac5d5784d226
-
SHA1
ed55c8ba6e3f83b9150d25c01e4b17c592ce0531
-
SHA256
63731f5b05a025ba4a799b245160bc8d5dff4ac8a299fea3809456ae861f40b3
-
SHA512
8b9e23f367b57ab1c1c6b08622f61e70d9540e01df37926f7486b358721c9e81ffa39d7441ad05b93498f7f61d82d14fb33a37f6dc087e42807ee78c7f36e7d4
-
SSDEEP
24576:FLKzWQmmav30xTjpmMjpmVEWnxLIuGh26fSHoJg99m:FLKSQmmQ308jGhJfSIC99m
Static task
static1
Behavioral task
behavioral1
Sample
Quotation.xls
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Quotation.xls
Resource
win10v2004-20230220-en
Malware Config
Extracted
formbook
4.1
g2fg
snowcrash.website
pointman.us
newheartvalve.care
drandl.com
sandspringsramblers.com
programagubernamental.online
boja.us
mvrsnike.com
mentallyillmotherhood.com
facom.us
programagubernamental.store
izivente.com
roller-v.fr
amazonbioactives.com
metaverseapple.xyz
5gt-mobilevsverizon.com
gtwebsolutions.co
scottdunn.life
usdp.trade
pikmin.run
cardano-dogs.com
bf2hgfy.xyz
teslafoot.com
rubertquintana.com
wellsfargroewards.com
santel.us
couponatonline.com
theunitedhomeland.com
pmstnly.com
strlocal.com
shelleysmucker.com
youser.online
emansdesign.com
usnikeshoesbot.top
starfish.press
scotwork.us
metamorgana.com
onyxbx.net
rivas.company
firstcoastalfb.com
onpurposetraumainformedcare.com
celimot.xyz
jecunikepemej.rest
lenovolatenightit.com
unitedsterlingcompanyky.com
safety2venture.us
facebookismetanow.com
scottdunn.review
mentallyillmotherhood.com
firstincargo.com
vikavivi.com
investmenofpairs.club
nexans.cloud
farcloud.fr
ivermectinforhumans.quest
5gmalesdf.sbs
majenta.info
6vvvvvwmetam.top
metafirstclass.com
firstcoinnews.com
btcetffutures.online
funinfortmyers.com
mangoirslk.top
metaversebasicprivacy.com
blancheshelley.xyz
Targets
-
-
Target
Quotation.xls
-
Size
1.0MB
-
MD5
37481dd391b76ee993eeac5d5784d226
-
SHA1
ed55c8ba6e3f83b9150d25c01e4b17c592ce0531
-
SHA256
63731f5b05a025ba4a799b245160bc8d5dff4ac8a299fea3809456ae861f40b3
-
SHA512
8b9e23f367b57ab1c1c6b08622f61e70d9540e01df37926f7486b358721c9e81ffa39d7441ad05b93498f7f61d82d14fb33a37f6dc087e42807ee78c7f36e7d4
-
SSDEEP
24576:FLKzWQmmav30xTjpmMjpmVEWnxLIuGh26fSHoJg99m:FLKSQmmQ308jGhJfSIC99m
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-