General
-
Target
30% Payment Receipt.doc
-
Size
42KB
-
Sample
230626-kf6wjsaa2y
-
MD5
d4bc695be1f64cb89c061b21b06815a2
-
SHA1
4056cdfa99fe137e1324be62763aee23d1990eb7
-
SHA256
ad167c04c640a9777e7b6bb420e64b5cc46a0fd588820f6895420991465944a0
-
SHA512
1ddb705be7d901acd7f9889bdfb4491ce4c5a9619884f083c79ac4046285d786e54ce6aabcf4eacbf6fc522804c27b8cc88f20b5077ef249d0f9c93390806221
-
SSDEEP
768:rFx0XaIsnPRIa4fwJMo30VYWEfOH/cNUWTL4QUATxZA9fSP3/Uz+o4KSAIR:rf0Xvx3EMo32YWEfrkVAV//Uz+o46IR
Static task
static1
Behavioral task
behavioral1
Sample
30% Payment Receipt.rtf
Resource
win7-20230621-en
Behavioral task
behavioral2
Sample
30% Payment Receipt.rtf
Resource
win10v2004-20230621-en
Malware Config
Extracted
formbook
4.1
xchu
zcartoons.com
castilloshowroom.com
3bmmdtod.life
misaxoxo.com
nadiya.online
sykkbup29.xyz
triciaaprimrosevp.com
newleter.com
ptzslk.xyz
lightbulbfestival.com
texaslandline.com
ideeintemporelle.com
girljustdoitpodcast.com
medimediamarketing.com
bunk7outfitters.com
charlievgrfminnick.click
lifestyleinthehome.com
atfbestsale.online
frontdoorproperties.co.uk
grandpaswag2024.info
masterbidbox.com
twinmall.xyz
apihb.com
tanbuhelir.com
excortclub.com
avxxxtube.com
dayonetaxes.com
xx7zncjthyo.xyz
barhat-dance.online
wxbaonayue.com
sorunsuzyayinburada9.shop
so-do-to.com
bonettr.com
gosucculents.com
axcelus.mobi
elityou.com
82163.xyz
ugfc.monster
wxxinglong.com
fleurdelis-ksa.com
australiaxxxhookup.com
hieu.asia
lailashawa.com
littlefoxgrp.com
modi.codes
frenchmattie.com
francoishogue-rpg.com
ntzb1.vip
adfoidoas.shop
meter-ooh.com
mamarosarienne.online
sharonmevans.com
ccapltal.com
ewardsrq.com
rgmtrucking.com
nilhanzsa.net
prodemtim-healthy-gums.com
aviationsoftware.aero
frog.lol
hauntingmedia.com
newindianewsnetwork.com
calfamfitclasses.net
sparrow-coffee.com
centralcoastquotes.com
tangocitymoscow.com
Targets
-
-
Target
30% Payment Receipt.doc
-
Size
42KB
-
MD5
d4bc695be1f64cb89c061b21b06815a2
-
SHA1
4056cdfa99fe137e1324be62763aee23d1990eb7
-
SHA256
ad167c04c640a9777e7b6bb420e64b5cc46a0fd588820f6895420991465944a0
-
SHA512
1ddb705be7d901acd7f9889bdfb4491ce4c5a9619884f083c79ac4046285d786e54ce6aabcf4eacbf6fc522804c27b8cc88f20b5077ef249d0f9c93390806221
-
SSDEEP
768:rFx0XaIsnPRIa4fwJMo30VYWEfOH/cNUWTL4QUATxZA9fSP3/Uz+o4KSAIR:rf0Xvx3EMo32YWEfrkVAV//Uz+o46IR
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-