General
Target: SecuriteInfo.com.Exploit.CVE-2018-0798.4.13523.31964.rtf
Size: 138KB
Sample: 240110-t3mwmacae9
MD5: 12135005a3185366b4b27c706f1d0526
SHA1: 11c701479e96c20ce16c3eb6e0e3d2249fd25ba0
SHA256: 13b1f7955a9cf96f79b39effd8d08940cc7998c3aa934047a48ed3157d5a6db9
SHA512: 3259b2c6b3aa8cf195521c9d85c899a3ebc9328597833ba5181bcd2421a9b5d65fcf468050b57933de5158e8501b8b00a1101a52fef7a0b6eebb25dcebf8a35a
SSDEEP: 768:ewAbZSibMX9gRWjtwAbZSibMX9gRWjhxsceh5IohhYZK3rad35:ewAlRkwAlR6Kh5HhhGK3ud35

Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Exploit.CVE-2018-0798.4.13523.31964.rtf
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Exploit.CVE-2018-0798.4.13523.31964.rtf
  Resource: win10v2004-20231215-en
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: sg36
Domains:
cookfranschhoek.com
rajaslot138.today
eightfigureroundtable.com
sdklwdz.com
novaturienthealth.com
sk87k.xyz
defoutenmakers.online
eadsanuncios.com
drewkav.com
car-insurance-94416.bond
m3nm.site
6vab.site
towing-barnesville.top
authentifizierung-beginnen.com
thejmfc.com
beggiapizza.site
gttsfibermill.com
cdugood.com
dominiongeneralcontractors.com
deprepagos.com
writetoday.app
kinleysbeatyreveiws.com
ah-ysdl.com
pj2698.com
prosource-eu.com
realizzazionesitiinternet.net
hoidap360.com
poncetruckingshop.online
momsmobilegrooming.com
ghafirer.store
dhl.cyou
dalvalynch.net
14wow.com
bulletinod.lat
aisubrosa.com
ligneap.pics
nobusinessplan.com
callumwallace.com
kaisen-ebizo.com
bouhabba.com
onlyrl.com
dancokerss.online
sustainablepartners-la.com
wqks7.site
bzxtor.xyz
tecgulf.com
dailydei.com
summitpointkeyword.top
aniba.foundation
coolfashions.shop
bestmindbodyhealingpodcast.com
fulfide.com
va4is5w.sbs
reddy-fairplay.shop
bitflyer.global
menomonietowing.top
vwjq3.site
bbetslo.top
goldwin-open.online
totalpriceforyourhome.com
realestateadvice.site
dip2024.com
ashvalueprofilereport.com
mcdowelltowing.top
ldvicecream.com
Targets
Target: SecuriteInfo.com.Exploit.CVE-2018-0798.4.13523.31964.rtf (138KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures:
- Formbook payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext