Characteristics
Hash | Hash Value |
---|---|
MD5 | 5f6b4d56557dc8daf07b3f2c0043ae4e |
Sha1 | b18f9e5ed1f960a6257bcce311434910768e1c29 |
Sha256 | 9635f7683247fc44b627853d9eff6454325ada17faffb3cc06e7869e0da3bcdd |
Sha384 | 4f33b989822552ef2bfb879a5907a2c29df06ef1098a204c29b80741a54ad786f1a49b01afe53d1acc8b5468f9c0cfd8 |
Sha512 | 98fb63d5f6dd0956fe392265905cbeee3fbd81c40036829b377e0ff798865dc4330fa142a73cb066eb7634a42f0f3c9f6e505ccb49ccd3447c85fc67104a4372 |
SSDeep | 6144:WUkgSqkdQ8HET7S+llYbeKWXAevC93umjM:WL5H6GMlvXzyi |
TLSH | 2A54235AC25D2BE7F6D1C33657652384D520B59C6ACB419F58AF22D52C20FCEF32118B |
File Structure
README_EvilClippy.docm (Malicious)
  [Content_Types].xml
  docProps
    app.xml
    core.xml
  word (Malicious)
    document.xml
    fontTable.xml
    settings.xml
    styles.xml
    vbaData.xml
    vbaProject.bin (Malicious)
      . (Malicious)
        Root Entry (Malicious)
          VBA (Malicious)
            dir
            [Stored VBA] (Malicious)
            [Decompiled VBA] (Malicious)
            _VBA_PROJECT
          PROJECT
          PROJECTwm
    webSettings.xml
    media
      image1.png
      image1.png-preview.png
    theme
      theme1.xml
    _rels
      document.xml.rels
      vbaProject.bin.rels
  _rels
    .rels
Malware Configuration - URLs in VBA/VBS Code
Config. Field | Value |
---|---|
URL #1 | http://192.168.63.132/dowload.pdf |
README_EvilClippy.docm (283.21 KB)
Characteristics
vbaDNA - VBA Stomping & Purging Strategy detection
Module Name | |
---|---|
ThisDocument | VBA Stomping ATT&CK T1564.007 Malicious Malicious Document VBA Macro |