General
-
Target
1f30b513d1315b7a9432f9cf2937d5c4728455fbd7c681a552b94f57a849757c.zip
-
Size
1.1MB
-
Sample
231022-vlnbhadc47
-
MD5
9e64631fc71c42267258c700681277aa
-
SHA1
0cb9b7ee85463648a1f4897cd9fd867b98e59aa1
-
SHA256
fa32dcb24289e2052435ccbf29f391219d949de88dd5cc9c2c7685050b0eec34
-
SHA512
03e53858e95267a619074589ca19c228c4a6103670977bb4d3c5ea3ac25dc79dd3fce978fd8de04b4f08be867cc67ae1cdb040ed0bc1c4ecaf00277d54960601
-
SSDEEP
24576:kttD8+Vwtt6N2ZiXhg26vArB/bwg9L/YFTex+xOm+25zIC:kt1Bx+iXfr+glIWHmr5zIC
Static task
static1
Behavioral task
behavioral1
Sample
1f30b513d1315b7a9432f9cf2937d5c4728455fbd7c681a552b94f57a849757c.xls
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
1f30b513d1315b7a9432f9cf2937d5c4728455fbd7c681a552b94f57a849757c.xls
Resource
win10v2004-20231020-en
Malware Config
Extracted
formbook
4.1
sy22
vinteligencia.com
displayfridges.fun
completetip.com
giallozafferrano.com
jizihao1.com
mysticheightstrail.com
fourseasonslb.com
kjnala.shop
mosiacwall.com
vandistreet.com
gracefullytouchedartistry.com
hbiwhwr.shop
mfmz.net
hrmbrillianz.com
funwarsztat.com
polewithcandy.com
ourrajasthan.com
wilhouettteamerica.com
johnnystintshop.com
asgnelwin.com
alcmcyu.com
thwmlohr.click
gypseascuba.com
mysonisgaythemovie.com
sunriseautostorellc.com
fuhouse.link
motorcycleglassesshop.com
vaskaworldairways.com
qixservice.online
b2b-scaling.com
03ss.vip
trishpintar.com
gk84.com
omclaval.com
emeeycarwash.com
wb7mnp.com
kimgj.com
278809.com
summitstracecolumbus.com
dryadai.com
vistcreative.com
weoliveorder.com
kwamitikki.com
cjk66.online
travisline.pro
mercardosupltda.shop
sunspotplumbing.com
podplugca.com
leontellez.com
fzturf.com
docomo-mobileconsulting.com
apneabirmingham.info
rollesgraciejiujitsu.com
sx15k.com
kebobcapital.com
91967.net
claudiaduverglas.com
zhperviepixie.com
oliwas.xyz
flowersinspace.tech
uadmxqby.click
greatbaitusa.com
drpenawaraircondhargarahmah.com
sofbks.top
sarthaksrishticreation.com
Targets
-
-
Target
1f30b513d1315b7a9432f9cf2937d5c4728455fbd7c681a552b94f57a849757c.xls
-
Size
1.5MB
-
MD5
71368866925c23e35d340705fae95002
-
SHA1
8b2e76a61f33f053eb4fc2f2bc3600917e7d1d09
-
SHA256
1f30b513d1315b7a9432f9cf2937d5c4728455fbd7c681a552b94f57a849757c
-
SHA512
6bddbc8a6824bf2d7137042b762da78d8c02e6756f488003a8d142cc7b111720710f4f31034e8d9c1dca33847ac822a9ed81d2e97f647d0708ddb5db271461f6
-
SSDEEP
24576:cWQmmav30xrmZy3w6VA3bVNRFZyVw6VC3bVG4nvsLtbtecTQ5WWkK3q/0wkex:xQmmQ309wP6VA3bVDN6VC3bV25tBTTKg
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-