Malicious

d6e7a65a344935376eb8aadc3a294deb

MS Word Document | MD5: d6e7a65a344935376eb8aadc3a294deb | Size: 638.56 KB | application/msword

Characteristics
Hash: Hash Value
MD5: d6e7a65a344935376eb8aadc3a294deb
Sha1: e31091cb9d9e52aa2be5ef1aea8f141f604d68cc
Sha256: 70239684f01e37692087c05f6f355daae3bdcdbc4bfa2fcb786dbf8ddf1d2966
Sha384: 4eb8e8a427f731f09d645ef7ca5ea5203347cc97392e5032037b45535c8f6344fe877b16d9a54f97cabaf3a0d9c95da1
Sha512: c67339a0d986b9c0ef24fc11d13b8194a5fd7e415a6d1dc3a831da1740b19f25281a467986de04816f893d7e691cf97ecdc665f36ee4af027a0b99262f05babc
SSDeep: 12288:bUrToXufXsMTq6wAcJmTfoEvFOdsOXen8Au8/JLbNQMD+w6H1SlEk:eUXuf5q6wAcJwf5vFb8A3MMD+w6VOEk
TLSH: DBD423CDEC215C16FD4723BC7F4229A8AD24A96F25FF392828E16464ED554336B14C8F
File Structure
[Content_Types].xml
_rels
  .rels
word (Malicious)
  _rels (Malicious)
    document.xml.rels
    footer2.xml.rels
  document.xml
  footnotes.xml
  footer3.xml
  footer2.xml
  header3.xml
  endnotes.xml
  embeddings
    Microsoft_Office_Excel_Worksheet1.xlsx
      [Content_Types].xml
      _rels
        .rels
      xl
        _rels
          workbook.xml.rels
        workbook.xml
        worksheets
          sheet4.xml
          sheet2.xml
          _rels
            sheet1.xml.rels
            sheet2.xml.rels
            sheet3.xml.rels
            sheet4.xml.rels
          sheet3.xml
          sheet1.xml
        drawings
          _rels
            vmlDrawing1.vml.rels
          vmlDrawing1.vml
        styles.xml
        sharedStrings.xml
        embeddings
          oleObject1.bin
            Root Entry
              Ole
              CompObj
              CONTENTS
                Text (Preview)
                #Stream {2}
                #Stream {8}
                #Stream {16}
                #Stream {12}
                #Stream {13}
                #Stream {14}
                Structure
        theme
          theme1.xml
        media
          image1.emf
        printerSettings
          printerSettings3.bin
          printerSettings4.bin
          printerSettings1.bin
      docProps
        core.xml
        app.xml
  media
    image1.emf
  theme
    theme1.xml
  settings.xml
  webSettings.xml
  fontTable.xml
  styles.xml
docProps
  app.xml
  core.xml

Malware Configuration - Remote Template
Config. Field: Value
Target: https://kutt.chatforma.com/mokHvH
Path: settings.xml.rels
XPath: /Relationships/Relationship
Outer XML: <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="https://kutt.chatforma.com/mokHvH" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />

Informations
Name: Value
CONTENTS: 1.4
CONTENTS: D:20250930115417+01'00'
CONTENTS: Adobe Photoshop 21.2 (Windows)
CONTENTS: D:20250930115520+01'00'
CONTENTS: Adobe Photoshop for Windows -- Image Conversion Plug-in
CONTENTS: D:20250930115417+01'00'
CONTENTS: Adobe Photoshop 21.2 (Windows)
CONTENTS: D:20250930115520+01'00'
CONTENTS: Adobe Photoshop for Windows -- Image Conversion Plug-in

Artefacts
Name: Remote Template - Highly Suspicious
Value: https://kutt.chatforma.com/mokHvH
Location: d6e7a65a344935376eb8aadc3a294deb > word > _rels > settings.xml.rels (Malicious)
