General
-
Target
January 10, 2024_Arkema_Order_Specification.doc
-
Size
148KB
-
Sample
240110-naplvsfbg8
-
MD5
84011c57a996b6ad4a5a2025b7e8debe
-
SHA1
8025e17b5409eba44ba4003330e54c7a235062cd
-
SHA256
0bf25515757d4679e3ae71532d7265e2c769574dd83ad3dffee9079cbaf08101
-
SHA512
f64499973f5ba834617594bffd73011ea3fbcfcf1d928d07e8fd73b4a5a5c0905005ec5d9f0c2122fa0b1aca48bc098a5be48e697fe3dbca6dffd15253b20bdc
-
SSDEEP
768:1wAbZSibMX9gRWjtwAbZSibMX9gRWjmdGMrkyh41ZPRppWF7y20Vmggu6:1wAlRkwAlRzvk/ZpppWF7yXt6
Static task
static1
Behavioral task
behavioral1
Sample
January 10, 2024_Arkema_Order_Specification.rtf
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
January 10, 2024_Arkema_Order_Specification.rtf
Resource
win10v2004-20231215-en
Malware Config
Extracted
formbook
4.1
sg36
cookfranschhoek.com
rajaslot138.today
eightfigureroundtable.com
sdklwdz.com
novaturienthealth.com
sk87k.xyz
defoutenmakers.online
eadsanuncios.com
drewkav.com
car-insurance-94416.bond
m3nm.site
6vab.site
towing-barnesville.top
authentifizierung-beginnen.com
thejmfc.com
beggiapizza.site
gttsfibermill.com
cdugood.com
dominiongeneralcontractors.com
deprepagos.com
writetoday.app
kinleysbeatyreveiws.com
ah-ysdl.com
pj2698.com
prosource-eu.com
realizzazionesitiinternet.net
hoidap360.com
poncetruckingshop.online
momsmobilegrooming.com
ghafirer.store
dhl.cyou
dalvalynch.net
14wow.com
bulletinod.lat
aisubrosa.com
ligneap.pics
nobusinessplan.com
callumwallace.com
kaisen-ebizo.com
bouhabba.com
onlyrl.com
dancokerss.online
sustainablepartners-la.com
wqks7.site
bzxtor.xyz
tecgulf.com
dailydei.com
summitpointkeyword.top
aniba.foundation
coolfashions.shop
bestmindbodyhealingpodcast.com
fulfide.com
va4is5w.sbs
reddy-fairplay.shop
bitflyer.global
menomonietowing.top
vwjq3.site
bbetslo.top
goldwin-open.online
totalpriceforyourhome.com
realestateadvice.site
dip2024.com
ashvalueprofilereport.com
mcdowelltowing.top
ldvicecream.com
Targets
-
-
Target
January 10, 2024_Arkema_Order_Specification.doc
-
Size
148KB
-
MD5
84011c57a996b6ad4a5a2025b7e8debe
-
SHA1
8025e17b5409eba44ba4003330e54c7a235062cd
-
SHA256
0bf25515757d4679e3ae71532d7265e2c769574dd83ad3dffee9079cbaf08101
-
SHA512
f64499973f5ba834617594bffd73011ea3fbcfcf1d928d07e8fd73b4a5a5c0905005ec5d9f0c2122fa0b1aca48bc098a5be48e697fe3dbca6dffd15253b20bdc
-
SSDEEP
768:1wAbZSibMX9gRWjtwAbZSibMX9gRWjmdGMrkyh41ZPRppWF7y20Vmggu6:1wAlRkwAlRzvk/ZpppWF7yXt6
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-