3b3eaa7fb38a1bc3ac7d28f8782c9cc7

MS Excel Document
|
MD5: 3b3eaa7fb38a1bc3ac7d28f8782c9cc7
|
Size: 16.43 KB
|
application/vnd.ms-excel

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	3b3eaa7fb38a1bc3ac7d28f8782c9cc7
Sha1	27471ac05683f86644548152c63648d1684b167a
Sha256	5219e2153ee7c7adb4e81b4d136ae993dc4e9fb8e94d2858c42f4844253d78a8
Sha384	9a40ee01aaff5f8dda709bc6f0acdcca1a7bd545bfede2c156fa7d0c833d3f294a1648f52ddd6c16370bbb7fd7eb36a2
Sha512	5021a290521bcd184f50151aa9d9992e8a46a7601c534c2317f59657333d34041d11d272640d41499a5141f696a7cd71b343b0bf4ecfe1740b539995fa71dd66
SSDeep	192:K20IFhUF9MJ6+T+F9pUUW6lTYMSxdnPR80B+PqILefHUmz7zbZJ4K6Ll2XNKOsI5:Xz2F9MJPjhlQLefHUWbT4K6woaa74
TLSH	2572AF2EC690A479E9B9183CD40F057396B924519A80BE0F3610B26C3F6929757CF3C6

File Structure

Artefacts

Name0	Value
URLs in VB Code - #1	http://169.254.169.254/latest/meta-data/iam/security-credentials/
URLs in VB Code - #2	https://webhook.site/6d61998b-a8fb-4e57-874d-d2e9a38bda79?roleNames=
URLs in VB Code - #1	http://169.254.169.254/latest/meta-data/iam/security-credentials/
URLs in VB Code - #2	https://webhook.site/6d61998b-a8fb-4e57-874d-d2e9a38bda79?roleNames=

3b3eaa7fb38a1bc3ac7d28f8782c9cc7 (16.43 KB)

File Structure

Characteristics

vbaDNA - VBA Stomping & Purging Stategy detection

	Module Name0
	ThisWorkbook	Blacklist VBA VBA Macro

No malware configuration were found at this point.

Artefacts

Name0	Value	Location
URLs in VB Code - #1	http://169.254.169.254/latest/meta-data/iam/security-credentials/	3b3eaa7fb38a1bc3ac7d28f8782c9cc7 > xl > vbaProject.bin > Root Entry > VBA > ThisWorkbook > [Decompiled VBA]
URLs in VB Code - #2	https://webhook.site/6d61998b-a8fb-4e57-874d-d2e9a38bda79?roleNames=	3b3eaa7fb38a1bc3ac7d28f8782c9cc7 > xl > vbaProject.bin > Root Entry > VBA > ThisWorkbook > [Decompiled VBA]
URLs in VB Code - #1	http://169.254.169.254/latest/meta-data/iam/security-credentials/	3b3eaa7fb38a1bc3ac7d28f8782c9cc7 > xl > vbaProject.bin > Root Entry > VBA > ThisWorkbook > [Stored VBA]
URLs in VB Code - #2	https://webhook.site/6d61998b-a8fb-4e57-874d-d2e9a38bda79?roleNames=	3b3eaa7fb38a1bc3ac7d28f8782c9cc7 > xl > vbaProject.bin > Root Entry > VBA > ThisWorkbook > [Stored VBA]

You must be signed in to post a comment.