General
-
Target
SOA.xls
-
Size
1.0MB
-
Sample
230329-jmh8dsfc83
-
MD5
521fc58d3dbb65572d40a1f06667166d
-
SHA1
ebec53204ce871df7820d9e19c753dcfdf7a078a
-
SHA256
efdb6f114d0c7bcbbce947287c49369d6094d82009f69c330b728027a02bffa4
-
SHA512
fdc2337cc5d1c9e558f1c112b68e5c501c08023eb070236c48507781b4bf63d0b66bdb394e87d999fe9d371bf730546ada5b72dbb9be01fc3aa1eabb400f9691
-
SSDEEP
24576:VLK9SSMMednEKakAmmjmRakAmmjmm+MXUL3OI2222222222222222222222S2rl:VLKXMhaaoeaaol+MXvS
Static task
static1
Behavioral task
behavioral1
Sample
SOA.xls
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
SOA.xls
Resource
win10v2004-20230221-en
Malware Config
Extracted
formbook
4.1
g2fg
snowcrash.website
pointman.us
newheartvalve.care
drandl.com
sandspringsramblers.com
programagubernamental.online
boja.us
mvrsnike.com
mentallyillmotherhood.com
facom.us
programagubernamental.store
izivente.com
roller-v.fr
amazonbioactives.com
metaverseapple.xyz
5gt-mobilevsverizon.com
gtwebsolutions.co
scottdunn.life
usdp.trade
pikmin.run
cardano-dogs.com
bf2hgfy.xyz
teslafoot.com
rubertquintana.com
wellsfargroewards.com
santel.us
couponatonline.com
theunitedhomeland.com
pmstnly.com
strlocal.com
shelleysmucker.com
youser.online
emansdesign.com
usnikeshoesbot.top
starfish.press
scotwork.us
metamorgana.com
onyxbx.net
rivas.company
firstcoastalfb.com
onpurposetraumainformedcare.com
celimot.xyz
jecunikepemej.rest
lenovolatenightit.com
unitedsterlingcompanyky.com
safety2venture.us
facebookismetanow.com
scottdunn.review
mentallyillmotherhood.com
firstincargo.com
vikavivi.com
investmenofpairs.club
nexans.cloud
farcloud.fr
ivermectinforhumans.quest
5gmalesdf.sbs
majenta.info
6vvvvvwmetam.top
metafirstclass.com
firstcoinnews.com
btcetffutures.online
funinfortmyers.com
mangoirslk.top
metaversebasicprivacy.com
blancheshelley.xyz
Targets
-
-
Target
SOA.xls
-
Size
1.0MB
-
MD5
521fc58d3dbb65572d40a1f06667166d
-
SHA1
ebec53204ce871df7820d9e19c753dcfdf7a078a
-
SHA256
efdb6f114d0c7bcbbce947287c49369d6094d82009f69c330b728027a02bffa4
-
SHA512
fdc2337cc5d1c9e558f1c112b68e5c501c08023eb070236c48507781b4bf63d0b66bdb394e87d999fe9d371bf730546ada5b72dbb9be01fc3aa1eabb400f9691
-
SSDEEP
24576:VLK9SSMMednEKakAmmjmRakAmmjmm+MXUL3OI2222222222222222222222S2rl:VLKXMhaaoeaaol+MXvS
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-