General
-
Target
1aa76ce00f01882d5cd3d712b8052bc2.rtf
-
Size
81KB
-
Sample
240509-fry8mafb48
-
MD5
1aa76ce00f01882d5cd3d712b8052bc2
-
SHA1
b0cb1b9a8ada2812a013469ff5cf736b0f8da933
-
SHA256
9ae7ad0d29ba6a855eec28c8dca1b7b43063677139463dc54640d4232489d029
-
SHA512
ac7d9b0319aeab38a8bdea8c6094a4a73266d83ea4ee4974619bdc641197e58f1402089a9ab67a679df9920884214cfd5b69a4dcc9d8c3aa0d62165a67dcbdcb
-
SSDEEP
1536:77VscWY5jbOYcra/iDM+nRXsSH2lDG5ODlQfg4NaQ7rXwkpez4p7sRc1HudD:qxY5jyTra/iDM+nZsSHxODEgyt7jwkpi
Static task
static1
Behavioral task
behavioral1
Sample
1aa76ce00f01882d5cd3d712b8052bc2.rtf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1aa76ce00f01882d5cd3d712b8052bc2.rtf
Resource
win10v2004-20240426-en
Malware Config
Extracted
formbook
4.1
ht3d
Targets
-
-
Target
1aa76ce00f01882d5cd3d712b8052bc2.rtf
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-