General
-
Target
3f9c2a2bac5e829fd61db15ffda44387442cd91f7d84bb3d8e28b19c9ac098b0.doc
-
Size
16KB
-
Sample
240626-bj5cfsvfrg
-
MD5
e86424648b277754b74e507d51878e71
-
SHA1
e86498df0eb2a8514e0d55f9a33148779bf5b66d
-
SHA256
3f9c2a2bac5e829fd61db15ffda44387442cd91f7d84bb3d8e28b19c9ac098b0
-
SHA512
59c3c950a0f450b895b091fdf7f9664ed75124be0b7c699631b0a753bef062304151e1e58b3dfcc2032e819f339336c996482a6de94eee3e6327d24e8c51f84c
-
SSDEEP
384:0yXRxAxW4s8PL8wi4OEwH8TIbE91r2fR8JYbvimVmPFM:0cRM/5P3DOqnYJ6qvfVmPG
Static task
static1
Behavioral task
behavioral1
Sample
3f9c2a2bac5e829fd61db15ffda44387442cd91f7d84bb3d8e28b19c9ac098b0.docx
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
3f9c2a2bac5e829fd61db15ffda44387442cd91f7d84bb3d8e28b19c9ac098b0.docx
Resource
win10v2004-20240611-en
Malware Config
Extracted
formbook
4.1
btrd
everslane.com
prairieviewelectric.online
dszvhgd.com
papamuch.com
8129k.vip
jeffreestar.gold
bestguestrentals.com
nvzhuang1.net
anangtoto.com
yxfgor.top
practicalpoppers.com
thebestanglephotography.online
koormm.top
criika.net
audioflow.online
380747.net
jiuguanwang.net
bloxequities.com
v321c.com
sugar.monster
agriwithai.com
rd8.online
texanboxes.com
h7wlvwr4afx.top
furryfriendsupply.store
xmentorgroup.com
runccl.com
fairplaytavern.com
concretecountertopsolutios.com
wzxq.xyz
outletivo.com
studyasp.net
pure1027.com
xpffvn.cfd
liposuctionclinics2.today
rouchoug.top
rifasgados.com
tesourosobrerodas.site
1stclasstv.net
invest247on.com
watch2movie.xyz
martline.website
naddafornadda.com
drbtcbtc.com
turbrun.com
autounion999370.top
wirewizardselectric.net
0757hunyin.net
researchforhighschool.com
thedivorcesurvivalguide.com
emeraldsurrogatefabric.com
home-repair-contractors-kfm.xyz
onlynaturlpt.shop
agiletzal.site
dylanmoranrules.com
ngbbvuhkm5.asia
proveedorafrac.com
pho3nixkidsghana.com
greatfightcompany.com
hotnerdsg.com
thecolourgrey.com
librarylatte.com
videomademagic.com
coinrun.net
cnoszirzbkaqz.com
Targets
-
-
Target
3f9c2a2bac5e829fd61db15ffda44387442cd91f7d84bb3d8e28b19c9ac098b0.doc
-
Size
16KB
-
MD5
e86424648b277754b74e507d51878e71
-
SHA1
e86498df0eb2a8514e0d55f9a33148779bf5b66d
-
SHA256
3f9c2a2bac5e829fd61db15ffda44387442cd91f7d84bb3d8e28b19c9ac098b0
-
SHA512
59c3c950a0f450b895b091fdf7f9664ed75124be0b7c699631b0a753bef062304151e1e58b3dfcc2032e819f339336c996482a6de94eee3e6327d24e8c51f84c
-
SSDEEP
384:0yXRxAxW4s8PL8wi4OEwH8TIbE91r2fR8JYbvimVmPFM:0cRM/5P3DOqnYJ6qvfVmPG
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Abuses OpenXML format to download file from external location
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-