Malicious

ead5ea52f1c57c7371351896c4e6df6d9643c[...]089.xlsx

MS Office Document | MD5: dbc6ae2130e861686e555c7c65dabac8 | Size: 1.06 MB | application/vnd.ms-office


Characteristics
MD5: dbc6ae2130e861686e555c7c65dabac8
Sha1: 86eab0a3c7abd7b338cf0b5f09c2ab5badd5fef6
Sha256: ead5ea52f1c57c7371351896c4e6df6d9643cc1f6112d8dca6b428e19ef77089
Sha384: d92c27ed528d641f1c2abf5a681f2581cc4ae72e0143e1c7892528e9216e6f322f20a54bc358d899889b836735dc8c54
Sha512: b8f8d9f7eb54510b0b50ba1ee792a6a926b77e2cbfd9206fe74831a800b2f02add050386218ee1197c352cd097dcd415a2a14c85389fc7342dbcc9381c87c796
SSDeep: 24576:iJIwg9hIOXR8YhbBWvdp8tLUWBMDckBhQK6wueA+CoeX:izg9eM8YkpwLUwhkBi1deAMeX
TLSH: 0D3523E5EDE83E16CF1701B62B16C85E981B7F5E3219E01B3230795A1677B3E44BA40E
File Structure
[Repaired @0x00002400]
Malicious
.
Malicious
Root Entry
Malicious
CompObj
Workbook
MBD00048C39
Malicious
[Content_Types].xml
_rels
.rels
xl
Malicious
_rels
workbook.xml.rels
workbook.xml
drawings
_rels
drawing1.xml.rels
vmlDrawing1.vml.rels
drawing1.xml
vmlDrawing1.vml
media
image4.png
image4.png-preview.png
image5.png
image5.png-preview.png
image3.emf
image1.emf
image2.emf
worksheets
sheet3.xml
sheet2.xml
_rels
sheet2.xml.rels
sheet3.xml.rels
sheet1.xml
theme
theme1.xml
styles.xml
sharedStrings.xml
embeddings
Malicious
.
Malicious
Root Entry
Malicious
Ole10Native
Malicious
[Repaired @0x00000105]
Malicious
[Content_Types].xml
_rels
.rels
xl
Malicious
workbook.xml
_rels
workbook.xml.rels
worksheets
Malicious
sheet1.xml
sheet2.xml
sheet3.xml
_rels
Malicious
sheet1.xml.rels
sheet2.xml.rels
sheet3.xml.rels
Malicious
theme
theme1.xml
styles.xml
sharedStrings.xml
drawings
drawing1.xml
drawing2.xml
_rels
drawing1.xml.rels
drawing2.xml.rels
media
image1.png
image1.png-preview.png
image2.png
image2.png-preview.png
image3.jpeg
image3.jpeg-preview.png
image4.jpeg
image4.jpeg-preview.png
printerSettings
printerSettings1.bin
printerSettings2.bin
printerSettings3.bin
calcChain.xml
docProps
core.xml
app.xml
oleObject1.bin
.
Root Entry
Ole10Native
Microsoft_Office_Excel_97-2003_Worksheet1.xls
Malicious
.
Root Entry
Workbook
MsoDataStore
A×ÌÂ×VIÎYUÚFJZCÙ0ÉYBPÀ==
Item
Properties
SummaryInformation
DocumentSummaryInformation
[Formulas]
Malicious
externalLinks
Malicious
_rels
Malicious
externalLink1.xml.rels
Malicious
externalLink1.xml
printerSettings
printerSettings1.bin
docProps
thumbnail.wmf
core.xml
app.xml
custom.xml
CompObj
SummaryInformation
DocumentSummaryInformation
Malware Configuration - Remote Template
Target: http://www.aledari.qa/
Path: sheet3.xml.rels
XPath: /Relationships/Relationship[3]
Outer XML:
<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="http://www.aledari.qa/" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />

Malware Configuration - Remote Template
Target: file:///\\Renqian\资料2\工作资料\工作资料\运仰光面辅料\宁波至仰光\2019\01.30\报关单据-1.30yorkoverseas%20远东.xlsx
Path: externalLink1.xml.rels
XPath: /Relationships/Relationship
Outer XML:
<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/externalLinkPath" Target="file:///\\Renqian\资料2\工作资料\工作资料\运仰光面辅料\宁波至仰光\2019\01.30\报关单据-1.30yorkoverseas%20远东.xlsx" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />

Artefacts
Remote Template - Highly Suspicious Document RelationShip: http://www.aledari.qa/
Remote Template - Highly Suspicious Document RelationShip: file:///\\Renqian\资料2\工作资料\工作资料\运仰光面辅料\宁波至仰光\2019\01.30\报关单据-1.30yorkoverseas%20远东.xlsx

ead5ea52f1c57c7371351896c4e6df6d9643cc1f6112d8dca6b428e19ef77089.xlsx (1.06 MB)