General
Target: Purchase Order - R0136983.xls
Size: 1.3MB
Sample: 230328-g141xahc83
MD5: 00950549802eb44db9b3d88778f8d0e4
SHA1: a427f038b5bcf7d745a5ea894464d733f5d60ae2
SHA256: baaf33dc951650d56f7604d13ee932371279fef9655f8e55a900c30007ed09c4
SHA512: 8b2dcdab764327cfaa26c6dcce27234fe308c81c5a901079d343fee69d35e12929e1c7893480472901c26c39cb60db5d07c694301ce9052925ee271e1941d315
SSDEEP: 24576:rLKJSSMMednEhakAmmjmFakAmmjmF+MXU/akAmmjmU+MXUt2222222222222222H:rLKzMyaaoWaaoK+MXoaaof+MX0tL
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order - R0136983.xls
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: Purchase Order - R0136983.xls
Resource: win10v2004-20230220-en
Malware Config
Extracted
formbook
4.1
gn35
igusa.top
1cweb.online
ifoundmymind.com
highlightscorner.africa
kareeberg.com
conjurai.com
airforcevillagesinc.space
3dprintingpro.net
montelent.africa
willowscatsitting.co.uk
dental-implants-64653.com
byunfussy.com
jbpaintsolutions.com
caliner-bebe.com
hjd54c.com
ronabarandgrill.co.uk
financechainz.com
jsqualitycars.com
cortinasagave.store
barrowfordceltic.org.uk
juliezivah.com
awpl.xyz
goiqmg.shop
ghnrx.com
anantroop.com
gmkmc.com
reinifix.net
incus.top
corporaterelocatorslc.com
ruabsent.net
hanaulman.com
hyrxo.win
asiacrunch.com
cashpostemail.com
skegnesstaxiskegness.co.uk
independentdentistnetwork.com
boilerdenver.com
swissmadegoldwatches.com
fashionworldgame.com
crowflora.info
theneighbourhoodbagel.com
lehigh-valley-seo.com
dallasdailynews.online
habaker.co.uk
ldkj9qq.vip
urbanandcountryplumbers.africa
cpaexperts.net
everpresent-breathalysers.click
goods-servicestax.com
kevingarystaubdp.com
hhxll.com
justpeachiephotos.com
boxpartenrs.com
kyawscompany.com
fortismedtech.com
ise58.com
careofanimals.se
gfdopi.xyz
isotax.co.uk
hellafilth.com
stroudwildlifesurvey.org.uk
digiarchi.com
flamenspices.com
elektrik.plus
hollyweedtribune.com
Targets
Target: Purchase Order - R0136983.xls
Size: 1.3MB
MD5: 00950549802eb44db9b3d88778f8d0e4
SHA1: a427f038b5bcf7d745a5ea894464d733f5d60ae2
SHA256: baaf33dc951650d56f7604d13ee932371279fef9655f8e55a900c30007ed09c4
SHA512: 8b2dcdab764327cfaa26c6dcce27234fe308c81c5a901079d343fee69d35e12929e1c7893480472901c26c39cb60db5d07c694301ce9052925ee271e1941d315
SSDEEP: 24576:rLKJSSMMednEhakAmmjmFakAmmjmF+MXU/akAmmjmU+MXUt2222222222222222H:rLKzMyaaoWaaoK+MXoaaof+MX0tL
Signatures
- Formbook payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext