General
-
Target
QUO684506.xls
-
Size
420KB
-
Sample
240514-h5htxaeh4y
-
MD5
65ae45789b58f1e03a4f8c3f178e6b30
-
SHA1
4eb87b3825da0d23d7f7091c2976e1e95cc40907
-
SHA256
1ccd3e2580b4e0de27bfeae3a92d638230c573704c66a06a0e11018224d176a0
-
SHA512
6d7da073e7280bf84612920a6371b19a1226fa50747587dbfe9fe10ed6bdf514ab8b171605d34a0a090d5f9ee3dbe4ec5e6fa379a73dc4675c8f4e46e359e864
-
SSDEEP
6144:NZ+RwPONXoRjDhIcp0fDlavx+W26nAHu8uniSHBMixiMK6G+ZFrTUvCp4sJgpQMD:31iQpozwjTqCfgdhd/+Z4uCz2BFmDiP
Static task
static1
Behavioral task
behavioral1
Sample
QUO684506.xls
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
QUO684506.xls
Resource
win10v2004-20240508-en
Malware Config
Extracted
formbook
4.1
ht3d
derlon.net
46gem.vip
bridal-heart-boutique.com
porarquitectura.com
durkal.online
9916k.vip
nativegarden.net
hoodjac.com
coachwunder.com
jutuowangluo.com
frankmontagna.com
jalenx.com
yhxg.net
brasserie-bro.com
whitecoatprivilege.com
sigmadriving.com
inhkipcmacau.com
freediveexperience.com
52iwin.com
aaditt.com
accesspathways.com
subhadarshini.online
zshoessale.com
rubyreverie.xyz
hrtacticalin.com
lordle.app
milfriedrichphotography.com
campbellforamerica.com
blessedunity.com
ema-blog.site
loxleyshop.com
mirfinans.com
xn--2o2b110a3rh.com
palmbarnj.com
weddingantonioemarina.com
debeukbv.net
rlknia.cfd
5redbull.com
dwbwoodworking.com
cab-bc.com
testingsol.com
scadamarket.com
ryan-waltz.com
62iwin.win
balkanapp.com
weatherproofit.net
1bytes.website
butterflygroup.net
sydneyridesfestival.net
licrodriguezpalma.com
sam2.site
data-list.online
fulhamwinebar.com
eissw.com
used-cars-77695.bond
get-bettingid.com
wow-professions.info
psicoimago.com
1788777.com
cikaslot.icu
sleepbetter.health
apple-ios-gps-us-19.ink
reallyrealclothing.store
earthoftender.com
isboston.net
Targets
-
-
Target
QUO684506.xls
-
Size
420KB
-
MD5
65ae45789b58f1e03a4f8c3f178e6b30
-
SHA1
4eb87b3825da0d23d7f7091c2976e1e95cc40907
-
SHA256
1ccd3e2580b4e0de27bfeae3a92d638230c573704c66a06a0e11018224d176a0
-
SHA512
6d7da073e7280bf84612920a6371b19a1226fa50747587dbfe9fe10ed6bdf514ab8b171605d34a0a090d5f9ee3dbe4ec5e6fa379a73dc4675c8f4e46e359e864
-
SSDEEP
6144:NZ+RwPONXoRjDhIcp0fDlavx+W26nAHu8uniSHBMixiMK6G+ZFrTUvCp4sJgpQMD:31iQpozwjTqCfgdhd/+Z4uCz2BFmDiP
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Abuses OpenXML format to download file from external location
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-