Malicious

6e22990a77f2a1cfbc835871923229a6

MS Word Document | MD5: 6e22990a77f2a1cfbc835871923229a6 | Size: 188.32 KB | application/msword

Characteristics
Hash
Hash Value
MD5
6e22990a77f2a1cfbc835871923229a6
Sha1
4093f5a078d99cb321aa457b820aa82b6469fe52
Sha256
508d5a64aa5458d84162afa374167c46e778b1a02cef7ce2ed7aa1a3e95ca394
Sha384
f8e606817082fd548652b6eb4c9ab5dbcac08b3acbe523d485a0dbf653dced15bfd8dcb3d42ad6e2a34b1c8893edcf6c
Sha512
f6a9b260fc92d9916d774efb9aaa9edfb9820a774cffe60ead3a8c08546845b9d7fe006cde1e638422781e87846c5bed485464da870ab406e805332a363a4fcc
SSDeep
3072:YZ8AXSrAc3exgqB8ZEIfpscBGe4XwM9wsG9dfAoiBXGkYpOsISDCoeoy:YZ8A03S8r5BltPNd9WtYpORAhy
TLSH
6C04122B7135126EED8522F3E166B73DB22F5C17070B23022AB0B76D69C76D94EA1724
File Structure
[Content_Types].xml
_rels
.rels
word (Malicious)
_rels (Malicious)
document.xml.rels
header2.xml.rels
footer2.xml.rels
document.xml
footnotes.xml
footer2.xml
footer3.xml
header3.xml
endnotes.xml
header2.xml
media
image1.emf
image2.emf
embeddings
oleObject1.bin
Root Entry
Ole
CompObj
ObjInfo
CONTENTS
Text (Preview)
#Stream {23}
#Stream {21}
#Stream {44}
#Stream {42}
#Stream {5}
Structure
oleObject2.bin
Root Entry
CONTENTS
Text (Preview)
#Stream {7}
#Stream {9}
Structure
theme
theme1.xml
settings.xml
styles.xml
webSettings.xml
fontTable.xml
docProps
app.xml
core.xml
Malware Configuration - Remote Template
Config. Field | Value
Target | https://newtotalrecallingwithbestthignswtihentirreturnforbetterperofmancewithmegoodthings.doTX@r.glnint.com/LQHWuXB
Path | settings.xml.rels
XPath | /Relationships/Relationship
Outer XML | <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="https://newtotalrecallingwithbestthignswtihentirreturnforbetterperofmancewithmegoodthings.doTX@r.glnint.com/LQHWuXB" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />

Information
Name | Value
CONTENTS | 1.2
CONTENTS | 1.7
CONTENTS |
CONTENTS | D:20240716171736+08'00'
CONTENTS | Microsoft Reporting Services 2019.11.0.0
CONTENTS |
CONTENTS | MREIR-GateIn
CONTENTS | Microsoft Reporting Services PDF Rendering Extension 2019.11.0.0
CONTENTS | Microsoft Reporting Services 2019.11.0.0
CONTENTS | Microsoft Reporting Services PDF Rendering Extension 2019.11.0.0
CONTENTS | D:20240716171736+08'00'

Artefacts
Name | Value | Location
Remote Template - Highly Suspicious | https://newtotalrecallingwithbestthignswtihentirreturnforbetterperofmancewithmegoodthings.doTX@r.glnint.com/LQHWuXB | (Malicious) 6e22990a77f2a1cfbc835871923229a6 > word > _rels > settings.xml.rels
