Malicious
71759bf29eabe50d148cffc76af0df59
MS Office Document | MD5: 71759bf29eabe50d148cffc76af0df59 | Size: 1.3 MB | application/vnd.ms-office
Characteristics
Hash | Hash Value |
---|---|
MD5 | 71759bf29eabe50d148cffc76af0df59 |
Sha1 | 02841d2c882417b25079a6472831593ad9be854b |
Sha256 | aea199b36ee2217a7ad57c692e0b63bb6396dbe982c8b1a072881c4900356b54 |
Sha384 | c48210e7bfa9469b47bca4c2beeba1ffc784052bb6aafc0322a77bc8d968de858ebf5def4edbc29f97a150a4bd496f6f |
Sha512 | cf7aa0e11f2c62a6b66ba5a9b12dac0706b7aa6430c8c7a6cc794cc35763d42a2fbaf00e0dd14cc867142782f1b9ee70f57ce887545d50aecb5296b39f542a54 |
SSDeep | 24576:TJ9yggpgCkP3586TYyiMpVZmjFBFojyQtKIOIKlHpVQ6l7LIWIulQB5kilPXIRIY:T1pnVAQtvy |
TLSH | 0855D511F603C62BC699223148BAA3F53778AC491A864B57725CB33D3FF6B90DA47784 |
File Structure
71759bf29eabe50d148cffc76af0df59
Malicious
Root Entry
Malicious
CompObj
SummaryInformation
DocumentSummaryInformation
_VBA_PROJECT_CUR
Malicious
PROJECT
PROJECTwm
VBA
Malicious
dir
[Stored VBA]
Malicious
[Decompiled VBA]
Malicious
[Full Diff]
Malicious
Sheet7
Sheet8
Sheet9
[Stored VBA]
Malicious
[Decompiled VBA]
Malicious
[Stored VBA]
Malicious
[Full Diff]
Malicious
[Partial Diff]
Malicious
[Stored VBA]
Malicious
[Decompiled VBA]
Malicious
[Full Diff]
Malicious
[Partial Diff]
Malicious
Sheet10
Sheet11
Sheet12
Sheet13
Sheet14
Sheet15
Sheet16
Sheet18
Sheet20
Sheet21
Sheet36
__SRP_0
__SRP_1
__SRP_2
__SRP_3
__SRP_4
__SRP_5
__SRP_6
__SRP_7
__SRP_8
__SRP_9
__SRP_a
__SRP_b
__SRP_c
__SRP_d
__SRP_e
__SRP_f
__SRP_10
__SRP_11
__SRP_12
__SRP_13
__SRP_14
__SRP_15
__SRP_16
__SRP_17
__SRP_18
__SRP_19
__SRP_1a
__SRP_1b
__SRP_1c
__SRP_1d
__SRP_1e
__SRP_1f
__SRP_20
__SRP_21
__SRP_22
__SRP_23
__SRP_24
__SRP_25
__SRP_26
__SRP_27
__SRP_28
__SRP_29
__SRP_2a
__SRP_2b
__SRP_2c
__SRP_2d
__SRP_2e
__SRP_2f
__SRP_30
__SRP_31
__SRP_32
__SRP_33
__SRP_34
__SRP_35
__SRP_36
__SRP_37
ThisWorkbook
_VBA_PROJECT
Characteristics
vbaDNA - VBA Stomping & Purging Strategy detection
Module Name | Tags |
---|---|
Sheet6 | VBA Stomping ATT&CK T1564.007 Malicious Malicious Document VBA Macro |
Sheet7 | VBA Macro |
Sheet8 | VBA Macro |
Sheet9 | VBA Macro |
CSHA256 | VBA Stomping ATT&CK T1564.007 Malicious Malicious Document VBA Macro |
Module1 | VBA Stomping ATT&CK T1564.007 Malicious Malicious Document Blacklist VBA VBA Macro |
Module2 | Blacklist VBA VBA Macro |
Module3 | VBA Stomping ATT&CK T1564.007 Malicious Malicious Document Blacklist VBA VBA Macro |
Sheet10 | VBA Macro |
Sheet11 | VBA Macro |
Sheet12 | VBA Macro |
Sheet13 | VBA Macro |
Sheet14 | VBA Macro |
Sheet15 | VBA Macro |
Sheet16 | VBA Macro |
Sheet18 | VBA Macro |
Sheet20 | VBA Macro |
Sheet21 | VBA Macro |
Sheet36 | VBA Macro |
ThisWorkbook | VBA Macro |
No malware configurations were found at this point.
Artefacts
Name | Value | Location |
---|---|---|
URLs in VB Code - #1 | http://www.frez.co.uk | 71759bf29eabe50d148cffc76af0df59 |
URLs in VB Code - #1 | http://www.frez.co.uk | 71759bf29eabe50d148cffc76af0df59 > [Repaired @0x0001AA61] |
URLs in VB Code - #1 | http://www.frez.co.uk | 71759bf29eabe50d148cffc76af0df59 > Root Entry > _VBA_PROJECT_CUR > VBA > CSHA256 > [Stored VBA] |
URLs in VB Code - #1 | http://www.frez.co.uk | 71759bf29eabe50d148cffc76af0df59 > Root Entry > _VBA_PROJECT_CUR > VBA > CSHA256 > [Decompiled VBA] |