General
-
Target
PO47696.xls
-
Size
933KB
-
Sample
230328-wakxnsdh8s
-
MD5
96f3bf73e444d45f8f9db96d6d6acf72
-
SHA1
65ddab32061e4a8d6aadc7c26a2811d92c2fe10a
-
SHA256
cd0ba91690bd303cc193df2e7744cad7feda1e5649b95dcda9a7de73ee0154e1
-
SHA512
3074b42b5eb295f2850460ee51bb8153479213ec274a02fab162adcacda044a9ed9f468fd97194bd30b2dd20eb1123044d0ec0e568d015fc3a1aa908b77abf02
-
SSDEEP
24576:TLKQSSMMednES+MXUNakAmmjmz+MXUnHWF222222222222222222222C22LZcV:TLKkMN+MXuaaow+MXVTcV
Static task
static1
Behavioral task
behavioral1
Sample
PO47696.xls
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
PO47696.xls
Resource
win10v2004-20230221-en
Malware Config
Extracted
formbook
4.1
sa79
aidigify.com
angelavamundson.xyz
glicotoday.fun
agencyforbuyers.com
blacklifecoachquiz.com
4e6aqw.site
huawei1990.com
diyetcay.online
chesirechefs.co.uk
generalhospitaleu.africa
hfewha.xyz
lemons2cents.com
rahilprakash.com
kave.tech
netlexfrance.net
youthexsa.africa
car-covers-40809.com
bambooactive.store
fotobugil48.com
kuhler.club
ftyon.xyz
cramyact1.info
finefrenchcaviar.co.uk
158029.xyz
doneswanneeds.com
campanianetwork.online
trade.boo
totaltrace.co.uk
grandgoldrange.africa
oliviahodges04.uk
eckiahe.club
imagebeuty.com
kutxa-incidencias.info
goodnewz.africa
alampsoldes.com
xuanliuchushaqi.com
leaf-spa.net
artblocks.bio
estres0.com
hcoltun.xyz
boostonsquelette.com
bettygrablerm.com
tulipbaddie.com
binosresidence.africa
sunnyola.com
guangxisangna.com
8888m.net
alaamriproducts.com
busy-people-gifts.com
i-sell-fun.com
grandnatali.ru
allstarssport.co.uk
cloud-spartan.co.uk
vitamincbd.africa
winelandsphotography.africa
ndyc.africa
cvbetter.co.uk
bestinvestment-trust.info
lblpackagestore.com
grabacionescaseras.com
fixmypothole.com
combatwash.com
brittnybuttondesign.net
eerieytorrent.com
heguangxueyuan.com
Targets
-
-
Target
PO47696.xls
-
Size
933KB
-
MD5
96f3bf73e444d45f8f9db96d6d6acf72
-
SHA1
65ddab32061e4a8d6aadc7c26a2811d92c2fe10a
-
SHA256
cd0ba91690bd303cc193df2e7744cad7feda1e5649b95dcda9a7de73ee0154e1
-
SHA512
3074b42b5eb295f2850460ee51bb8153479213ec274a02fab162adcacda044a9ed9f468fd97194bd30b2dd20eb1123044d0ec0e568d015fc3a1aa908b77abf02
-
SSDEEP
24576:TLKQSSMMednES+MXUNakAmmjmz+MXUnHWF222222222222222222222C22LZcV:TLKkMN+MXuaaow+MXVTcV
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-