General
Target: MT OCEAN STAR ISO 8217 2005.xlsx
Size: 2.1MB
Sample: 210223-b6h52bw412
MD5: 3ba4a9ceac60a4e52398ac6fbd0ebc5b
SHA1: 19b79bcd8982634747f1dfc6804687d60baf73b0
SHA256: ca4c055b60e84b73461e21062fc06924897c501944ec0f2a467fc4c21f13b342
SHA512: ff14cc9946821af0891fb2b8ae10006ea9902f31c6cfcc5bc6739270080a3862db34e718cf82838585662a3dbad74892db78e891092a9cd0e137e86684440686
Static task: static1
Behavioral task: behavioral1
  Sample: MT OCEAN STAR ISO 8217 2005.xlsx
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: MT OCEAN STAR ISO 8217 2005.xlsx
  Resource: win10v20201028
Malware Config
Extracted: formbook
Targets
Target: MT OCEAN STAR ISO 8217 2005.xlsx (2.1MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Formbook Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext