General
Target: Employee May performance report.vbs
Size: 21KB
Sample: 240611-xpr5zaxgll
MD5: eea263df06eedb62e8ef52449d443147
SHA1: 7cdce2d9268039b378ad4aa43faa1b2f31824f2b
SHA256: 5d876d62f1291cfc7bf91819bd1fe4ba4da76828e7542704fd2f2605a5fa39b7
SHA512: ced1a2bc7fe2bec45063b6a930bc7700502d8dfe33623e466a8917401a8f00b19ca0d37f47b0bbb15c21077c5d84b64760643a86b21f21e2d0a122d46aa829ab
SSDEEP: 384:QphF0OupkJEIrWJIxrDhnbJ2JsEk2ZMPc6q:QphiOupkJRWJIxrlbQGElZMk6q
Static task: static1
Behavioral task: behavioral1 (sample: Employee May performance report.vbs; resource: win7-20240215-en)
Behavioral task: behavioral2 (sample: Employee May performance report.vbs; resource: win10v2004-20240508-en)
Malware Config
Extracted: formbook 4.1 ty31
Targets
Target: Employee May performance report.vbs
- Formbook payload
- Adds policy Run key to start application
- Blocklisted process makes network request
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext