General
-
Target
NOTAFISCAL-NFI3713.xls
-
Size
1.4MB
-
Sample
230718-g267nahd4z
-
MD5
922a4fe9ed2f9ad14b6b13e1a414c17b
-
SHA1
25011371b68b8755daf8ce768ef07b17c9049b15
-
SHA256
3d408327065ceea0baf658a2a718d879d16a84ff9a07336e7a705cf3d874e630
-
SHA512
93819827020824ca0122eea8ce11819af73f8d8e3d4d56bada63274828df126957bb6c4d2eff00b9cf804e864f5d43017eba85e7b920ae09c90c763b8c36946d
-
SSDEEP
24576:bpu9VNZylw6VSOZyHw6VleHBlEzp7uyR0bgcwyA52CcP5YwVux:bpuPR6VSYj6V8hOzagjyPP5Yj
Static task
static1
Behavioral task
behavioral1
Sample
NOTAFISCAL-NFI3713.xls
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
NOTAFISCAL-NFI3713.xls
Resource
win10v2004-20230703-en
Malware Config
Extracted
formbook
4.1
ms14
adjoinstaff.online
kmmdznky.cfd
keyviewgroup.com
kidomarketing.com
jroxtqpq.cfd
jdevmx.com
genqaagz.cfd
1cdpwp.cfd
francegoldvip.com
2qy218.xyz
peterscanner.com
trullys.com
aniwatch.top
windyhillcnc.com
pokazhu.com
r74jsy.cfd
paulgadgets.com
lindanewtee.com
lasik-de-de-8808230.zone
critone.site
qwevqgjw.cfd
lojaasoriginais.online
pgtjirqx.cfd
ypasbfxplu.shop
kartixworld.com
s6uqzj.com
xigauij.cfd
arizonaadoptionagencies.com
wecanshipit.com
chiccakes.site
v3rqa4.cfd
clasmiv.xyz
kwhkqovf.cfd
metabolismchecker.click
lilith-con.com
porterhayranch.com
rikkun501.com
sxbhpysr.cfd
jc1014.com
4213z0.com
wshaizapp.site
3jij6e.cfd
weddingscork.com
zingyi.com
ixs0o9.com
tchyhg.com
printsplit.online
nihil.one
worthitweld.com
venria.store
lglcyoy.cfd
kanmuftic.com
zbjcolwy.cfd
mlking99.net
eyyk63.cfd
tcnckkne.cfd
buddhabazaar.online
tissageparis.com
cacciatoridiofferte.com
duffledash.com
kmsvvybi.cfd
aqeabrdm.cfd
qhrxnxoe.cfd
fitnessline.app
civzbpp.xyz
Targets
-
-
Target
NOTAFISCAL-NFI3713.xls
-
Size
1.4MB
-
MD5
922a4fe9ed2f9ad14b6b13e1a414c17b
-
SHA1
25011371b68b8755daf8ce768ef07b17c9049b15
-
SHA256
3d408327065ceea0baf658a2a718d879d16a84ff9a07336e7a705cf3d874e630
-
SHA512
93819827020824ca0122eea8ce11819af73f8d8e3d4d56bada63274828df126957bb6c4d2eff00b9cf804e864f5d43017eba85e7b920ae09c90c763b8c36946d
-
SSDEEP
24576:bpu9VNZylw6VSOZyHw6VleHBlEzp7uyR0bgcwyA52CcP5YwVux:bpuPR6VSYj6V8hOzagjyPP5Yj
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-