Malicious
Malicious

a4437999e35b4d86f0e676b3baca8a81

MS Office Document
MD5: a4437999e35b4d86f0e676b3baca8a81
Size: 1.51 MB
application/vnd.ms-office
Infection Chain
Infection chain Ctrl + scroll to zoom · drag to pan
Summary by MalvaGPT
Characteristics
Hash
Hash Value
MD5
a4437999e35b4d86f0e676b3baca8a81
Sha1
4438ff729d980bbea78e69aad315f8c015c7e3be
Sha256
4bb16555c6d16051154f98850757d5eacfefcd07031cdde2054e574f988e8c5b
Sha384
b9a60f6cc46bf7fd20e61842ff41fa5d37f745edaa13c01005aef9cb16d43eb50c8bada6f98803f4693a20a881fddb08
Sha512
0660f3f75a7d4e3657f6e4ae9104f8256458854d65a37f2ff890953cc27f2c9fb7db3aaa6d873d5bd9fc71a429c0dc2a65f0656a3415b30ab25a43c37d0bb4e7
SSDeep
24576:oNB31xX9tIbrZZDI0tHPAcHutnBQsPgIDmdUbeSEBW3uzzZOfOxaEQDo0e:m31xN2ZZ/fOwsZaOeSM8sI3e
TLSH
F2652307ABD1BB1AC19F89386C9798B4015EBC16F806891B33887B5C347F795878B64E
File Structure
[Repaired @0x0004A200]
Malicious
Root Entry
Malicious
CompObj
Workbook
SummaryInformation
DocumentSummaryInformation
MBD00129ACB
[Content_Types].xml
xl
_rels
workbook.xml.rels
workbook.xml
worksheets
sheet4.xml
_rels
sheet1.xml.rels
sheet2.xml.rels
sheet3.xml.rels
sheet5.xml.rels
sheet4.xml.rels
sheet2.xml
sheet3.xml
sheet5.xml
sheet1.xml
drawings
_rels
drawing1.xml.rels
drawing2.xml.rels
vmlDrawing1.vml.rels
drawing5.xml.rels
vmlDrawing1.vml
drawing5.xml
drawing1.xml
drawing4.xml
drawing2.xml
drawing3.xml
media
image4.emf
image3.jpeg
image3.jpeg-preview.png
image1.jpeg
image1.jpeg-preview.png
image2.jpeg
image2.jpeg-preview.png
embeddings
Microsoft_Office_Excel_97-2003_Worksheet1.xls
Root Entry
Workbook
SummaryInformation
DocumentSummaryInformation
sharedStrings.xml
styles.xml
theme
theme1.xml
printerSettings
printerSettings1.bin
printerSettings4.bin
printerSettings3.bin
docProps
thumbnail.wmf
core.xml
app.xml
CompObj
MBD00129ACC
Malicious
[Content_Types].xml
_rels
.rels
xl
Malicious
_rels
workbook.xml.rels
workbook.xml
styles.xml
media
image2.emf
image1.emf
theme
theme1.xml
worksheets
_rels
sheet1.xml.rels
sheet1.xml
drawings
_rels
vmlDrawing1.vml.rels
vmlDrawing1.vml
embeddings
oleObject1.bin
Root Entry
Ole
CompObj
CONTENTS
#Stream obj 9 0
#Stream obj 15 0
#Stream obj 17 0
#Stream obj 20 0
#Stream obj 21 0
#Stream obj 24 0
#Stream obj 25 0
#Stream obj 28 0
#Stream obj 29 0
#Stream obj 32 0
#Stream obj 3 0
#Stream obj 4 0
#Stream obj 12 0
oleObject2.bin
Root Entry
CONTENTS
Text (Preview)
#Stream obj 9 0
#Stream obj 7 0
#Stream obj 5 0
#Stream obj 6 0
#Stream obj 1 0
#Stream obj 2 0
Structure
sharedStrings.xml
externalLinks
Malicious
_rels
Malicious
externalLink1.xml
printerSettings
printerSettings1.bin
docProps
thumbnail.wmf
core.xml
app.xml
MBD00129ACD
Ole
_VBA_PROJECT_CUR
PROJECT
PROJECTwm
VBA
dir
_VBA_PROJECT
Malware Configuration - Remote Template
Config. Field
Value
Target
file:/huhuhuhuhuhuhuhuhuhuhu
Path
externhuhuhuhuhuhuhu
XPath
/Relathuhuhuhuhuhuhuhuhuhuhu
Outer XML
<Relathuhuhuhuhuhuhuhuhuhuhu
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Informations
Name
Value
Version

1.5

CreationDate

D:20260623125600Z

Title

Proof Of Payment

Producer

OpenPDF 2.0.2

/CreationDate

D:20260623125600Z

/Producer

OpenPDF 2.0.2

/Title

Proof Of Payment

Version

1.4

CreationDate

D:20260623205340+08'00'

Creator

JasperReports Library version 6.1.0

ModifiedDate

D:20260623205340+08'00'

Producer

iText 2.1.7 by 1T3XT

/ModDate

D:20260623205340+08'00'

/Creator

JasperReports Library version 6.1.0

/CreationDate

D:20260623205340+08'00'

/Producer

iText 2.1.7 by 1T3XT

Artefacts
Name
Value
Remote Template - Highly Suspicious
file:/huhuhuhuhuhuhuhuhuhuhu
Full artefact values (URLs, paths, registry keys…) are available with Essential.
Unlock with Essential
a4437999e35b4d86f0e676b3baca8a81 (1.51 MB)
File Structure
[Repaired @0x0004A200]
Malicious
Root Entry
Malicious
CompObj
Workbook
SummaryInformation
DocumentSummaryInformation
MBD00129ACB
[Content_Types].xml
xl
_rels
workbook.xml.rels
workbook.xml
worksheets
sheet4.xml
_rels
sheet1.xml.rels
sheet2.xml.rels
sheet3.xml.rels
sheet5.xml.rels
sheet4.xml.rels
sheet2.xml
sheet3.xml
sheet5.xml
sheet1.xml
drawings
_rels
drawing1.xml.rels
drawing2.xml.rels
vmlDrawing1.vml.rels
drawing5.xml.rels
vmlDrawing1.vml
drawing5.xml
drawing1.xml
drawing4.xml
drawing2.xml
drawing3.xml
media
image4.emf
image3.jpeg
image3.jpeg-preview.png
image1.jpeg
image1.jpeg-preview.png
image2.jpeg
image2.jpeg-preview.png
embeddings
Microsoft_Office_Excel_97-2003_Worksheet1.xls
Root Entry
Workbook
SummaryInformation
DocumentSummaryInformation
sharedStrings.xml
styles.xml
theme
theme1.xml
printerSettings
printerSettings1.bin
printerSettings4.bin
printerSettings3.bin
docProps
thumbnail.wmf
core.xml
app.xml
CompObj
MBD00129ACC
Malicious
[Content_Types].xml
_rels
.rels
xl
Malicious
_rels
workbook.xml.rels
workbook.xml
styles.xml
media
image2.emf
image1.emf
theme
theme1.xml
worksheets
_rels
sheet1.xml.rels
sheet1.xml
drawings
_rels
vmlDrawing1.vml.rels
vmlDrawing1.vml
embeddings
oleObject1.bin
Root Entry
Ole
CompObj
CONTENTS
#Stream obj 9 0
#Stream obj 15 0
#Stream obj 17 0
#Stream obj 20 0
#Stream obj 21 0
#Stream obj 24 0
#Stream obj 25 0
#Stream obj 28 0
#Stream obj 29 0
#Stream obj 32 0
#Stream obj 3 0
#Stream obj 4 0
#Stream obj 12 0
oleObject2.bin
Root Entry
CONTENTS
Text (Preview)
#Stream obj 9 0
#Stream obj 7 0
#Stream obj 5 0
#Stream obj 6 0
#Stream obj 1 0
#Stream obj 2 0
Structure
sharedStrings.xml
externalLinks
Malicious
_rels
Malicious
externalLink1.xml
printerSettings
printerSettings1.bin
docProps
thumbnail.wmf
core.xml
app.xml
MBD00129ACD
Ole
_VBA_PROJECT_CUR
PROJECT
PROJECTwm
VBA
dir
_VBA_PROJECT
Characteristics
Malware Configuration - Remote Template
Config. Field
Value
Target
file:/huhuhuhuhuhuhuhuhuhuhu
Path
externhuhuhuhuhuhuhu
XPath
/Relathuhuhuhuhuhuhuhuhuhuhu
Outer XML
<Relathuhuhuhuhuhuhuhuhuhuhu
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Artefacts
Name
Value Location
Remote Template - Highly Suspicious
file:/huhuhuhuhuhuhuhuhuhuhu
Malicious

a4437999e35b4d86f0e676b3baca8a81 > Root Entry > MBD00129ACC > Package > xl > externalLinks > _rels > externalLink1.xml.rels

Full artefact values (URLs, paths, registry keys…) are available with Essential.
Unlock with Essential
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙