General
-
Target
DHL STATEMENT OF ACCOUNT.xls
-
Size
1.0MB
-
Sample
230404-stnacsaa9t
-
MD5
628e94549cd48390032b9c3e5dcf9d85
-
SHA1
fe6e6a48c1d72950d00d9b61c6a336d2f15ed4f7
-
SHA256
b7a66f850f21e75d9e4dfb0deaacc0426436b99e9b98a825d6a3cec94988a736
-
SHA512
7f924c7eccdb62b8e8b2c25e14dda617876ad23a8fca94e6185bf37009279cac015042f4ffe3485de1adc2160d5f951a3eac66f29b01dcb5c6bef8e2c7496500
-
SSDEEP
12288:M8aFiKXKlcqUu9VnewiiDArDqUu9VneqqUu9VneYilPArgqUu9VneIArpJdx1sx1:SLKlKu9Vmu9V/u9Veu9VyT2x6w
Static task
static1
Behavioral task
behavioral1
Sample
DHL STATEMENT OF ACCOUNT.xls
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
DHL STATEMENT OF ACCOUNT.xls
Resource
win10v2004-20230220-en
Malware Config
Extracted
formbook
4.1
ar73
classgorilla.com
b6817.com
1wwuwa.top
dgslimited.africa
deepwaterships.com
hkshshoptw.shop
hurricanevalleyatvjamboree.com
ckpconsulting.com
laojiangmath.com
authenticityhacking.com
family-doctor-53205.com
investinstgeorgeut.com
lithoearthsolution.africa
quickhealcareltd.co.uk
delightkgrillw.top
freezeclosettoilet.com
coo1star.com
gemgamut.com
enrichednetworksolutions.com
betterbeeclean.com
kbmstr.com
colorusainc.com
five-dollar-meals.com
baozhuang8.com
la-home-service.com
innovantexclusive.com
chateaudevillars.co.uk
echadholisticbar.com
naijacarprices.africa
4652.voto
kraftheonz.com
ingrambaby.com
braeunungsoel.ch
sweetcariadgifts.co.uk
kui693.com
akatov-top.ru
epollresearch.online
cupandsaucybooks.com
arredobagno.club
gt.sale
dskincare.com
cursosemcasa.site
leaf-spa.net
deathbeforedeceit.com
azvvs.com
laptops-39165.com
ccwt.vip
011965.com
mtevz.online
jacksontcpassettlement.com
aldeajerusalen.com
kellnovaglobalfood.info
alphametatek.online
lcssthh.com
dumelogold9ja.africa
d-storic.com
mogi.africa
ghostt.net
aksharsigns.online
goglucofort.com
b708.com
controlplus.systems
lightandstory.info
invstcai.sbs
2348x.com
Targets
-
-
Target
DHL STATEMENT OF ACCOUNT.xls
-
Size
1.0MB
-
MD5
628e94549cd48390032b9c3e5dcf9d85
-
SHA1
fe6e6a48c1d72950d00d9b61c6a336d2f15ed4f7
-
SHA256
b7a66f850f21e75d9e4dfb0deaacc0426436b99e9b98a825d6a3cec94988a736
-
SHA512
7f924c7eccdb62b8e8b2c25e14dda617876ad23a8fca94e6185bf37009279cac015042f4ffe3485de1adc2160d5f951a3eac66f29b01dcb5c6bef8e2c7496500
-
SSDEEP
12288:M8aFiKXKlcqUu9VnewiiDArDqUu9VneqqUu9VneYilPArgqUu9VneIArpJdx1sx1:SLKlKu9Vmu9V/u9Veu9VyT2x6w
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-