Malicious
Characteristics
Hash | Hash Value |
---|---|
MD5 | 201d86ccf6fe607b6ccdcd63bed5c20f |
Sha1 | e98a16eee1f386c9b735bf43c3758a3080c3acbd |
Sha256 | 90d1fc9272b5cdfba07a71d20338cf56f6bd4db8322cc44fbf7b7c284aaf06cf |
Sha384 | ac97c6967f9ffb72a6ebc189c6708daa56e75e4f457e8581260889ad9d48607f9987de9f9f2d2eff72c8738823c2c7ae |
Sha512 | d7997b6daadd64c49feb20c6d61f100676ea011529f58fcf1c5c1107f0474bcc29f75253490fc35e97eb6594f649e6d4e35a7b7351b2ea24d7c521a947df4ca9 |
SSDeep | 6144:xgvZXFkAqS2EDoT76iNjZoZKACezorEWdAaeZry+P2og:QVl7emisFANdfcuH |
TLSH | DE541340D376A59EF083D13D6BE153ECD809759D6340C8E7D61F87EACA02E8EA3645A3 |
File Structure
- README.docm (Office Document, Blacklist VBA, WinHttp.WinHttpRequest.5.1, ADODB.Stream, Scripting.FileSystemObject, DeObfuscated, VBScript, T1059.005, Obfuscated, Malicious)
  - [Content_Types].xml (Xml)
  - _rels
    - .rels (Xml)
  - word (Malicious)
    - document.xml (Xml)
    - _rels
      - document.xml.rels (Xml)
      - vbaProject.bin.rels (Xml)
    - vbaProject.bin (Office Document, Malicious)
      - . (Malicious)
        - Root Entry (Malicious)
          - VBA (Malicious)
            - dir
            - ThisDocument (Blacklist VBA, VBA Macro, Malicious)
              - [Stored VBA] (Blacklist VBA, VBA Macro, Visual Basic, WinHttp.WinHttpRequest.5.1, ADODB.Stream, Scripting.FileSystemObject, DeObfuscated, VBScript, T1059.005, Obfuscated, Malicious)
              - [Stored VBA].deobfuscated.vbs (DeObfuscated, VBScript, T1059.005, Malicious)
              - [PCode] (Blacklist VBA, VBA Macro, VBA P-Code, Disassembly)
              - [Decompiled VBA] (Blacklist VBA, VBA Macro, Visual Basic, Decompiled, WinHttp.WinHttpRequest.5.1, ADODB.Stream, Scripting.FileSystemObject, DeObfuscated, VBScript, T1059.005, Obfuscated, Malicious)
              - [Decompiled VBA].deobfuscated.vbs (DeObfuscated, VBScript, T1059.005, Malicious)
            - _VBA_PROJECT
          - PROJECT
          - PROJECTwm
    - media
      - image1.png
      - image1.png-preview.png
    - theme
      - theme1.xml (Xml)
    - vbaData.xml (Xml)
    - settings.xml (Xml)
    - styles.xml (Xml)
    - webSettings.xml (Xml)
    - fontTable.xml (Xml)
  - docProps
    - core.xml (Xml)
    - app.xml (Xml)
Malware Configuration - URLs in VBA/VBS Code
Config. Field | Value |
---|---|
URL #1 | http://192.168.63.132/dowload.pdf |
README.docm (288.56 KB)
Characteristics
vbaDNA - VBA Stomping & Purging Strategy detection
Module Name | | |
---|---|---|
ThisDocument | Blacklist VBA, VBA Macro | |