Malicious
a43bcb6aefde2133474a3a3cc069f2f7
MS Office Document | MD5: a43bcb6aefde2133474a3a3cc069f2f7 | Size: 1.3 MB | application/vnd.ms-office
MS Office Document
MD5: a43bcb6aefde2133474a3a3cc069f2f7
Size: 1.3 MB
application/vnd.ms-office
Office Document
Corrupted
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
DeObfuscated
VBScript
T1059.005
Obfuscated
Excel.sheet
WScript.Shell
Shell.Application
General
Structural Analysis
Config.0
Yara Rules99+
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | a43bcb6aefde2133474a3a3cc069f2f7
|
| Sha1 | 3e7822f1045a025010cf50110f90d54924f40a25
|
| Sha256 | 751f9fabe3997ba63e604599dc50b6a1ec3f7ed4a0d86ae3dff6d562a6277a23
|
| Sha384 | 944cb019fe2b67ee9a16f9b03c55d6d79d42573511491ea4c9dffa8c1e414f4a742c0f8d84608cacdf612c939f60cef4
|
| Sha512 | 762482873baf40a65404129c22dfdce04e4f300ac9b1d315d48efc3ab3b3a974ec1b0100a80c5c48f27d586d419d64a9539844252d0b4e579a4c2d338b4d88e3
|
| SSDeep | 24576:LJ9yggpgCkqY586TYyiMptZmjFBFojyQtKIOIKlHpVQ6l7LIWIulQB5kilPXIRI8:LoWntAQtve
|
| TLSH | A955D511F603C62BC699223148BAA3F53778AC491A864B57725CB33D3FF6B90DA47784
|
File Structure
a43bcb6aefde2133474a3a3cc069f2f7
Office Document
Corrupted
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
DeObfuscated
VBScript
T1059.005
Obfuscated
Excel.sheet
WScript.Shell
Shell.Application
Malicious
[Repaired @0x0001AA65]
Office Document
Corrupted
Malicious
Root Entry
Malicious
CompObj
Workbook
Office Document
Corrupted
Malicious
[Repaired @0x0001A865]
Office Document
Corrupted
Malicious
SummaryInformation
DocumentSummaryInformation
_VBA_PROJECT_CUR
Malicious
PROJECT
PROJECTwm
VBA
Malicious
dir
Sheet6
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Malicious
[Stored VBA]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Visual Basic
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Stored VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Malicious
[PCode]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
VBA P-Code
Disassembly
Malicious
[Decompiled VBA]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Visual Basic
Decompiled
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Decompiled VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Malicious
[Full Diff]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Visual Basic
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Full Diff].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Malicious
[Partial Diff]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Visual Basic
Malicious
Sheet7
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet8
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Stored VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Decompiled VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Sheet9
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
CSHA256
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Malicious
[Stored VBA]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
VBA P-Code
Disassembly
Malicious
[Decompiled VBA]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
[Full Diff]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Visual Basic
Malicious
[Partial Diff]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Visual Basic
Malicious
Module1
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Malicious
[Stored VBA]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Visual Basic
Excel.sheet
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Stored VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Malicious
[PCode]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
VBA P-Code
Disassembly
Malicious
[Decompiled VBA]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Visual Basic
Decompiled
Excel.sheet
DeObfuscated
Obfuscated
VBScript
Malicious
[Full Diff]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Visual Basic
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Full Diff].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Malicious
[Partial Diff]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Visual Basic
Malicious
Module2
Blacklist VBA
VBA Macro
Malicious
[Stored VBA]
Blacklist VBA
VBA Macro
Visual Basic
WScript.Shell
Shell.Application
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Stored VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Malicious
[PCode]
Blacklist VBA
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
Blacklist VBA
VBA Macro
Visual Basic
Decompiled
WScript.Shell
Shell.Application
DeObfuscated
Obfuscated
VBScript
Malicious
Module3
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Malicious
[Stored VBA]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Visual Basic
Malicious
[PCode]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
VBA P-Code
Disassembly
Malicious
[Decompiled VBA]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Visual Basic
Decompiled
Malicious
[Full Diff]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Visual Basic
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Full Diff].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Malicious
[Partial Diff]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Visual Basic
Malicious
Sheet10
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet11
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet12
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet13
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet14
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet15
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet16
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet18
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet20
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet21
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Stored VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Decompiled VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Sheet36
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
__SRP_0
__SRP_1
__SRP_2
__SRP_3
__SRP_4
__SRP_5
__SRP_6
__SRP_7
__SRP_8
__SRP_9
__SRP_a
__SRP_b
__SRP_c
__SRP_d
__SRP_e
__SRP_f
__SRP_10
__SRP_11
__SRP_12
__SRP_13
__SRP_14
__SRP_15
__SRP_16
__SRP_17
__SRP_18
__SRP_19
__SRP_1a
__SRP_1b
__SRP_1c
__SRP_1d
__SRP_1e
__SRP_1f
__SRP_20
__SRP_21
__SRP_22
__SRP_23
__SRP_24
__SRP_25
__SRP_26
__SRP_27
__SRP_28
__SRP_29
__SRP_2a
__SRP_2b
__SRP_2c
__SRP_2d
__SRP_2e
__SRP_2f
__SRP_30
__SRP_31
__SRP_32
__SRP_33
__SRP_34
__SRP_35
__SRP_36
__SRP_37
ThisWorkbook
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
_VBA_PROJECT
Artefacts
|
Name0 | Value |
|---|---|
| URLs in VB Code - #1 | http://www.frez.co.uk |
| URLs in VB Code - #1 | http://www.frez.co.uk |
| URLs in VB Code - #1 | http://www.frez.co.uk |
| URLs in VB Code - #1 | http://www.frez.co.uk |
a43bcb6aefde2133474a3a3cc069f2f7 (1.3 MB)
File Structure
a43bcb6aefde2133474a3a3cc069f2f7
Office Document
Corrupted
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
DeObfuscated
VBScript
T1059.005
Obfuscated
Excel.sheet
WScript.Shell
Shell.Application
Malicious
[Repaired @0x0001AA65]
Office Document
Corrupted
Malicious
Root Entry
Malicious
CompObj
Workbook
Office Document
Corrupted
Malicious
[Repaired @0x0001A865]
Office Document
Corrupted
Malicious
SummaryInformation
DocumentSummaryInformation
_VBA_PROJECT_CUR
Malicious
PROJECT
PROJECTwm
VBA
Malicious
dir
Sheet6
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Malicious
[Stored VBA]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Visual Basic
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Stored VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Malicious
[PCode]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
VBA P-Code
Disassembly
Malicious
[Decompiled VBA]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Visual Basic
Decompiled
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Decompiled VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Malicious
[Full Diff]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Visual Basic
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Full Diff].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Malicious
[Partial Diff]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Visual Basic
Malicious
Sheet7
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet8
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Stored VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Decompiled VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Sheet9
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
CSHA256
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Malicious
[Stored VBA]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
VBA P-Code
Disassembly
Malicious
[Decompiled VBA]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
[Full Diff]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Visual Basic
Malicious
[Partial Diff]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
VBA Macro
Visual Basic
Malicious
Module1
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Malicious
[Stored VBA]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Visual Basic
Excel.sheet
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Stored VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Malicious
[PCode]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
VBA P-Code
Disassembly
Malicious
[Decompiled VBA]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Visual Basic
Decompiled
Excel.sheet
DeObfuscated
Obfuscated
VBScript
Malicious
[Full Diff]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Visual Basic
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Full Diff].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Malicious
[Partial Diff]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Visual Basic
Malicious
Module2
Blacklist VBA
VBA Macro
Malicious
[Stored VBA]
Blacklist VBA
VBA Macro
Visual Basic
WScript.Shell
Shell.Application
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Stored VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Malicious
[PCode]
Blacklist VBA
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
Blacklist VBA
VBA Macro
Visual Basic
Decompiled
WScript.Shell
Shell.Application
DeObfuscated
Obfuscated
VBScript
Malicious
Module3
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Malicious
[Stored VBA]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Visual Basic
Malicious
[PCode]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
VBA P-Code
Disassembly
Malicious
[Decompiled VBA]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Visual Basic
Decompiled
Malicious
[Full Diff]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Visual Basic
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Full Diff].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Malicious
[Partial Diff]
VBA Stomping
ATT&CK T1564.007
Malicious
Malicious Document
Blacklist VBA
VBA Macro
Visual Basic
Malicious
Sheet10
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet11
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet12
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet13
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet14
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet15
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet16
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet18
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet20
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
Sheet21
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Stored VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Decompiled VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Sheet36
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
__SRP_0
__SRP_1
__SRP_2
__SRP_3
__SRP_4
__SRP_5
__SRP_6
__SRP_7
__SRP_8
__SRP_9
__SRP_a
__SRP_b
__SRP_c
__SRP_d
__SRP_e
__SRP_f
__SRP_10
__SRP_11
__SRP_12
__SRP_13
__SRP_14
__SRP_15
__SRP_16
__SRP_17
__SRP_18
__SRP_19
__SRP_1a
__SRP_1b
__SRP_1c
__SRP_1d
__SRP_1e
__SRP_1f
__SRP_20
__SRP_21
__SRP_22
__SRP_23
__SRP_24
__SRP_25
__SRP_26
__SRP_27
__SRP_28
__SRP_29
__SRP_2a
__SRP_2b
__SRP_2c
__SRP_2d
__SRP_2e
__SRP_2f
__SRP_30
__SRP_31
__SRP_32
__SRP_33
__SRP_34
__SRP_35
__SRP_36
__SRP_37
ThisWorkbook
VBA Macro
[Stored VBA]
VBA Macro
Visual Basic
VBScript
Malicious
[PCode]
VBA Macro
VBA P-Code
Disassembly
[Decompiled VBA]
VBA Macro
Visual Basic
Decompiled
VBScript
Malicious
_VBA_PROJECT
Characteristics
vbaDNA - VBA Stomping & Purging Stategy detection
|
Module Name0 | ||
|---|---|---|
| Sheet6 | VBA Stomping ATT&CK T1564.007 Malicious Malicious Document VBA Macro |
|
| Sheet7 | VBA Macro |
|
| Sheet8 | VBA Macro |
|
| Sheet9 | VBA Macro |
|
| CSHA256 | VBA Stomping ATT&CK T1564.007 Malicious Malicious Document VBA Macro |
|
| Module1 | VBA Stomping ATT&CK T1564.007 Malicious Malicious Document Blacklist VBA VBA Macro |
|
| Module2 | Blacklist VBA VBA Macro |
|
| Module3 | VBA Stomping ATT&CK T1564.007 Malicious Malicious Document Blacklist VBA VBA Macro |
|
| Sheet10 | VBA Macro |
|
| Sheet11 | VBA Macro |
|
| Sheet12 | VBA Macro |
|
| Sheet13 | VBA Macro |
|
| Sheet14 | VBA Macro |
|
| Sheet15 | VBA Macro |
|
| Sheet16 | VBA Macro |
|
| Sheet18 | VBA Macro |
|
| Sheet20 | VBA Macro |
|
| Sheet21 | VBA Macro |
|
| Sheet36 | VBA Macro |
|
| ThisWorkbook | VBA Macro |
|
No malware configuration were found at this point.
Artefacts
|
Name0 | Value | Location |
|---|---|---|
| URLs in VB Code - #1 | http://www.frez.co.uk |
a43bcb6aefde2133474a3a3cc069f2f7 |
| URLs in VB Code - #1 | http://www.frez.co.uk |
a43bcb6aefde2133474a3a3cc069f2f7 > [Repaired @0x0001AA65] |
| URLs in VB Code - #1 | http://www.frez.co.uk |
a43bcb6aefde2133474a3a3cc069f2f7 > Root Entry > _VBA_PROJECT_CUR > VBA > CSHA256 > [Stored VBA] |
| URLs in VB Code - #1 | http://www.frez.co.uk |
a43bcb6aefde2133474a3a3cc069f2f7 > Root Entry > _VBA_PROJECT_CUR > VBA > CSHA256 > [Decompiled VBA] |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.