Sample File:
  MD5 hash: ec9f3c5bf085338ca182dac6a4e6aaab
  SHA1 hash: f5d638ed93d06834af8bc7df7d2737ab645b7fd7
  SHA256 hash: ea4a4162cd6ffad02d142c48067c1239253f688b8f163fd2887229d8a3240253
  SSDEEP hash: 6144:WeXipcxLylQa5fVkfxLo5rmf4cpNQsgw2a/2Bi8GKjnloh4ios:WeXiUOFfy1+rmAMNKwTeY8GQloh4ios
  Filename(s): addin.xlam.xls
  Filetype: Excel Document

Mutex IOCs:
  - None -

Registry Key IOCs:
  HKEY_CLASSES_ROOT\Licenses
  HKEY_CLASSES_ROOT\TypeLib
  HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}
  HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
  HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
  HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64
  HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}
  HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}\1.9
  HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}\1.9\0
  HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}\1.9\0\win64
  HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}\1.9\409
  HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}\1.9\9
  HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}
  HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8
  HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0
  HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64
  HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common
  HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BackGroundCompile
  HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BreakOnAllErrors
  HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BreakOnServerErrors
  HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\CompileOnDemand
  HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\NotifyUserBeforeStateLoss
  HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\RequireDeclaration

Domain IOCs:
  - None -

IP IOCs:
  157.56.120.207
  51.144.52.224

URL IOCs:
  - None -

File IOCs:
  Filenames:
    C:\Users\Nd9E1FYi\AppData\Local\Temp\proxyconf.dll
    C:\Users\Nd9E1FYi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Conime.lnk
  MD5 hashes:
    6ee9227fcc2f69b03e607f417766c5c7
    df525d7725ed63771626fb33c272dce0
  SHA1 hashes:
    8612b2aa73e0e234d904b7b07863bcdc1accd11c
    e29b0f80bf85d9f2d32a6812b27a8fd15cffd64f
  SHA256 hashes:
    6e7e55e48458356f698efa53a66c6861b7954b0f3c8eea4d2b3c605ef0bab910
    9a6930c3a11ded007e9b9c8904d5b4f78e7c278185795b4786374d5a88716f5e
  SSDEEP hashes:
    12:8Ul0nm/3BVSXzt1WlpcW+fTWlQEQ1XwEQ1IIhiNL4t2Yg859zXJ:8UlT/BuUlpV+fClO0a5I7
    1536:t7MENknZMUFHCRa7/ltkbkWpeYjPiXlACOmNZx8yM4dCf:t7MfiUFHCiQ0mklACOmWyR