General
Target: 1 payment cash Deposit.doc
Size: 1.8MB
Sample: 230322-xm276aag42
MD5: eda174e3f27c80dcd19abfb5400c50d9
SHA1: 14002d710bb0fc29a8103d3909c542e680020f63
SHA256: d6f3694d7c009f73f53fa28d77a65eafd3ae19c9d219982a71f150c514a86584
SHA512: 9f6f9d61bc3de47b155d3d3aeed8044fe1b2951ea4ac89402e2dcf3decf991888ed28afb72e79c41abbc584ea51be98c08bc520aadb6531bb63ed77283e058e4
SSDEEP: 24576:oyNh+vkSpIGa2e761oZziemHIYQGohgxg3je6H3qPwHDaw/oKmDJ9QZEpJqiLq38:y
Static task: static1
Behavioral task: behavioral1
Sample: 1 payment cash Deposit.rtf
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 1 payment cash Deposit.rtf
Resource: win10v2004-20230220-en
Malware Config
Extracted
formbook
4.1
bn26
Targets
Target: 1 payment cash Deposit.doc
- Formbook payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext