General
Target: 39669a47b553f5d6b3ed6b730d7852f9.rtf
Size: 22KB
Sample: 230608-fx5btsda3z
MD5: 39669a47b553f5d6b3ed6b730d7852f9
SHA1: 74b365ae0dc316eee5de6df5911019cabe512efb
SHA256: 8e353c1f1a7b0ddea3289b04cb2fb2bde6eacb21298cca8a0c2af37081e5be8d
SHA512: 1efae6c19e86d02904b25cc4de9fb9114268ecc82d3743900e6057dc10a82db6286438dd21a534a59e8ed60597d198b3392a6e8c4a1fa5ce4116fa311da64a7b
SSDEEP: 384:d8eKvpZlj7bLrJU/Wx1mEIZBFhqeq/d7SZ7DPvZ5pfiZcp2k4V7qQsqG14uT+hS1:dBeZljnLrJUOx180luZfp3p2kA7q1qED
Static task: static1
Behavioral task: behavioral1
  Sample: 39669a47b553f5d6b3ed6b730d7852f9.rtf
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 39669a47b553f5d6b3ed6b730d7852f9.rtf
  Resource: win10v2004-20230220-en
Malware Config
Extracted
formbook
4.1
gtt8
42taijijian.com
rehnimiyanales.com
cst247.shop
usdt09.tech
lennartjahn.com
aaabestcbd.com
marketing-digital-france-2.xyz
be4time.com
slotyfly.com
parimaladragonflywellness.life
phonereda.com
01076.win
thehoundlounge.info
high-vent.co.uk
14thfeb.com
onlyforks.info
joseeandtim.com
mylegoclub.com
iuser-findmy.info
uninassaupolopinheiro.com
tgomubira.shop
nebulanurseries.com
userfirstinteractive.com
jttobrands.com
e-pasport.com
xfinity-emailreconfirm.com
flora-block.com
crsplife.com
yourtechhousecall.com
lorrainedavistraining.com
thrivixcollection.com
quetthesieure.com
enrysisland.tech
himedya1.shop
luteblush.shop
caishen2.top
bestsellernouveau.com
casnation.com
shesurfbyronbay.com
cm98g0.com
continuumgblsupport.com
indianrailways.tech
findfetishcams.com
terracarepropertyservices.com
sav-client-chronopost.info
kedaionline250.shop
FORUM-ROMANUM.NET
dico-live.com
cabanaatthepointe.com
kuendubeachresort.com
biodigitalhealthcare.net
terompa.site
yongbangsd.com
hana-life2525.com
vmagaz.fun
meuble-chaussure-entree.site
bibaha.live
mocktailmasters.fun
shielings-unmusical.click
plane-jaynes.com
miracle-island.com
tilescitybd.com
respondaquiz.online
municipiodesombrerete.com
housy.host
Targets
Target: 39669a47b553f5d6b3ed6b730d7852f9.rtf
Size: 22KB
MD5: 39669a47b553f5d6b3ed6b730d7852f9
SHA1: 74b365ae0dc316eee5de6df5911019cabe512efb
SHA256: 8e353c1f1a7b0ddea3289b04cb2fb2bde6eacb21298cca8a0c2af37081e5be8d
SHA512: 1efae6c19e86d02904b25cc4de9fb9114268ecc82d3743900e6057dc10a82db6286438dd21a534a59e8ed60597d198b3392a6e8c4a1fa5ce4116fa311da64a7b
SSDEEP: 384:d8eKvpZlj7bLrJU/Wx1mEIZBFhqeq/d7SZ7DPvZ5pfiZcp2k4V7qQsqG14uT+hS1:dBeZljnLrJUOx180luZfp3p2kA7q1qED
- Formbook payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks QEMU agent file (checks presence of QEMU agent, possibly to detect virtualization)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext