Malicious
Voo Cancelado Localizador RR9N4V.ppam.bin
MS Office Document | MD5: 730a8401140edb4c79d563f306ca529e | Size: 4.03 KB | application/vnd.ms-office
MS Office Document
MD5: 730a8401140edb4c79d563f306ca529e
Size: 4.03 KB
application/vnd.ms-office
Office Document
Blacklist VBA
VBA Purging
ATT&CK T1564.007
Malicious
Malicious Document
DeObfuscated
VBScript
Obfuscated
Infection Chain
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | 730a8401140edb4c79d563f306ca529e
|
| Sha1 | 4870db7959bb526e5630c20a313c077d85e1ca5d
|
| Sha256 | 20274a55d76a2fbd5f2c0ab727758b21202b22af95f6c0edba01b4b8af060e11
|
| Sha384 | cbd53d64747a8c452867a904996be69a2ea06029ac7ec5d730de686024df7046f24d8286d746da1d5e835a6af21a825b
|
| Sha512 | 4b574dd64fe7ceb517889d68117247623f1e63655a88fe60e4979279532014d0e6ed361817975ded9efa950a1996d3174f07ccb0c2c5866949b8393e7667f8f4
|
| SSDeep | 48:9DxiKtleIq3iPyym9e74J4K2OOxh/AQJloaTWIiWe/eD3vGpVVDiMb1D:ZEKr9NP11Eh7OHAQJGIiWeGbv+jDiMbF
|
| TLSH | 0081FC1D9CCE260BCB268335E67444EBB76760AA4AA0765F3084F69C0996C43175F163
|
File Structure
Voo Cancelado Localizador RR9N4V.ppam.bin
Office Document
Blacklist VBA
VBA Purging
ATT&CK T1564.007
Malicious
Malicious Document
DeObfuscated
VBScript
Obfuscated
Malicious
[Content_Types].xml
Xml
_rels
.rels
Xml
ppt
Malicious
presentation.xml
Xml
_rels
presentation.xml.rels
Xml
vbaProject.bin
Office Document
Malicious
.
Malicious
Root Entry
Malicious
VBA
Malicious
dir
Módulo1
Blacklist VBA
VBA Macro
VBA Purging
ATT&CK T1564.007
Malicious
Malicious Document
Malicious
[Stored VBA]
Blacklist VBA
VBA Macro
Visual Basic
VBA Purging
ATT&CK T1564.007
Malicious
Malicious Document
DeObfuscated
VBScript
Obfuscated
Malicious
[Stored VBA].deobfuscated.vbs
DeObfuscated
VBScript
Malicious
_VBA_PROJECT
PROJECT
PROJECTwm
Malware Configuration - URLs in VBA/VBS Code
|
Config. Field0 | Value |
|---|---|
| URL #1 | https://gist.githubusercontent.com/raigabrielmaia171/f292b9795eb3b28786c8bbd4e274772a/raw/98fd5de90bc0387f7d2ba2f6850f5d34a74d53a7/DASASDASDASD312312%2520-%2520Copia%2520(3).png |
Voo Cancelado Localizador RR9N4V.ppam.bin (4.03 KB)
File Structure
Voo Cancelado Localizador RR9N4V.ppam.bin
Office Document
Blacklist VBA
VBA Purging
ATT&CK T1564.007
Malicious
Malicious Document
DeObfuscated
VBScript
Obfuscated
Malicious
[Content_Types].xml
Xml
_rels
.rels
Xml
ppt
Malicious
presentation.xml
Xml
_rels
presentation.xml.rels
Xml
vbaProject.bin
Office Document
Malicious
.
Malicious
Root Entry
Malicious
VBA
Malicious
dir
Módulo1
Blacklist VBA
VBA Macro
VBA Purging
ATT&CK T1564.007
Malicious
Malicious Document
Malicious
[Stored VBA]
Blacklist VBA
VBA Macro
Visual Basic
VBA Purging
ATT&CK T1564.007
Malicious
Malicious Document
DeObfuscated
VBScript
Obfuscated
Malicious
[Stored VBA].deobfuscated.vbs
DeObfuscated
VBScript
Malicious
_VBA_PROJECT
PROJECT
PROJECTwm
Characteristics
vbaDNA - VBA Stomping & Purging Stategy detection
|
Module Name0 | ||
|---|---|---|
| Módulo1 | Blacklist VBA VBA Macro VBA Purging ATT&CK T1564.007 Malicious Malicious Document |
|
Malware Configuration - URLs in VBA/VBS Code
|
Config. Field0 | Value |
|---|---|
| URL #1 | https://gist.githubusercontent.com/raigabrielmaia171/f292b9795eb3b28786c8bbd4e274772a/raw/98fd5de90bc0387f7d2ba2f6850f5d34a74d53a7/DASASDASDASD312312%2520-%2520Copia%2520(3).png |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.