General
-
Target
6b9167056af49bf702c833ae4f581ef1.rtf
-
Size
561KB
-
Sample
240625-qb3k8avbkp
-
MD5
6b9167056af49bf702c833ae4f581ef1
-
SHA1
ed4886d86b8ad96a0a252190705d70e0fac9289b
-
SHA256
13bc94a2f39a03f509036ff58462b974c401cac0df52cce22223114f909b2f72
-
SHA512
4ba4fc52c2add76cb58cec62f9ae608108aa77374c63c4416f4e5c2ac0fc4bf3569f3520e1ac77994842789015c767d3bb2dd1d384221d5fa865ab54bfc51a07
-
SSDEEP
6144:dwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAuB+2:dB
Static task
static1
Behavioral task
behavioral1
Sample
6b9167056af49bf702c833ae4f581ef1.rtf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6b9167056af49bf702c833ae4f581ef1.rtf
Resource
win10v2004-20240611-en
Malware Config
Extracted
formbook
4.1
btrd
everslane.com
prairieviewelectric.online
dszvhgd.com
papamuch.com
8129k.vip
jeffreestar.gold
bestguestrentals.com
nvzhuang1.net
anangtoto.com
yxfgor.top
practicalpoppers.com
thebestanglephotography.online
koormm.top
criika.net
audioflow.online
380747.net
jiuguanwang.net
bloxequities.com
v321c.com
sugar.monster
agriwithai.com
rd8.online
texanboxes.com
h7wlvwr4afx.top
furryfriendsupply.store
xmentorgroup.com
runccl.com
fairplaytavern.com
concretecountertopsolutios.com
wzxq.xyz
outletivo.com
studyasp.net
pure1027.com
xpffvn.cfd
liposuctionclinics2.today
rouchoug.top
rifasgados.com
tesourosobrerodas.site
1stclasstv.net
invest247on.com
watch2movie.xyz
martline.website
naddafornadda.com
drbtcbtc.com
turbrun.com
autounion999370.top
wirewizardselectric.net
0757hunyin.net
researchforhighschool.com
thedivorcesurvivalguide.com
emeraldsurrogatefabric.com
home-repair-contractors-kfm.xyz
onlynaturlpt.shop
agiletzal.site
dylanmoranrules.com
ngbbvuhkm5.asia
proveedorafrac.com
pho3nixkidsghana.com
greatfightcompany.com
hotnerdsg.com
thecolourgrey.com
librarylatte.com
videomademagic.com
coinrun.net
cnoszirzbkaqz.com
Targets
-
-
Target
6b9167056af49bf702c833ae4f581ef1.rtf
-
Size
561KB
-
MD5
6b9167056af49bf702c833ae4f581ef1
-
SHA1
ed4886d86b8ad96a0a252190705d70e0fac9289b
-
SHA256
13bc94a2f39a03f509036ff58462b974c401cac0df52cce22223114f909b2f72
-
SHA512
4ba4fc52c2add76cb58cec62f9ae608108aa77374c63c4416f4e5c2ac0fc4bf3569f3520e1ac77994842789015c767d3bb2dd1d384221d5fa865ab54bfc51a07
-
SSDEEP
6144:dwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAuB+2:dB
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-