Malicious

ead5ea52f1c57c7371351896c4e6df6d9643c[...]089.xlsx

MS Office Document | MD5: dbc6ae2130e861686e555c7c65dabac8 | Size: 1.06 MB | application/vnd.ms-office

Office Document
Corrupted
StdOleLink
Exploit
CVE-2017-0199
CVE-2017-8570
CVE-2017-8759
CVE-2018-8174
T1221
Remote Template Injection

Characteristics
Hash | Hash Value
MD5 | dbc6ae2130e861686e555c7c65dabac8
Sha1 | 86eab0a3c7abd7b338cf0b5f09c2ab5badd5fef6
Sha256 | ead5ea52f1c57c7371351896c4e6df6d9643cc1f6112d8dca6b428e19ef77089
Sha384 | d92c27ed528d641f1c2abf5a681f2581cc4ae72e0143e1c7892528e9216e6f322f20a54bc358d899889b836735dc8c54
Sha512 | b8f8d9f7eb54510b0b50ba1ee792a6a926b77e2cbfd9206fe74831a800b2f02add050386218ee1197c352cd097dcd415a2a14c85389fc7342dbcc9381c87c796
SSDeep | 24576:iJIwg9hIOXR8YhbBWvdp8tLUWBMDckBhQK6wueA+CoeX:izg9eM8YkpwLUwhkBi1deAMeX
TLSH | 0D3523E5EDE83E16CF1701B62B16C85E981B7F5E3219E01B3230795A1677B3E44BA40E
File Structure
ead5ea52f1c57c7371351896c4e6df6d9643cc1f6112d8dca6b428e19ef77089.xlsx
Office Document
Corrupted
StdOleLink
Exploit
CVE-2017-0199
CVE-2017-8570
CVE-2017-8759
CVE-2018-8174
T1221
Remote Template Injection
Malicious
[Repaired @0x00002400]
Office Document
Corrupted
Malicious
.
Malicious
Root Entry
Malicious
CompObj
Workbook
MBD00048C39
Malicious
Package
Office Document
Corrupted
T1221
Remote Template Injection
Malicious
[Content_Types].xml
Xml
_rels
.rels
Xml
xl
Malicious
_rels
workbook.xml.rels
Xml
workbook.xml
Xml
drawings
_rels
drawing1.xml.rels
Xml
vmlDrawing1.vml.rels
Xml
drawing1.xml
Xml
vmlDrawing1.vml
media
image4.png
image4.png-preview.png
image5.png
image5.png-preview.png
image3.emf
image1.emf
image2.emf
worksheets
sheet3.xml
Xml
sheet2.xml
Xml
_rels
sheet2.xml.rels
Xml
sheet3.xml.rels
Xml
sheet1.xml
Xml
theme
theme1.xml
Xml
styles.xml
Xml
sharedStrings.xml
Xml
embeddings
Malicious
oleObject2.bin
Office Document
Corrupted
T1221
Remote Template Injection
Malicious
.
Malicious
Root Entry
Malicious
Ole10Native
Office Document
Corrupted
Malicious
[Repaired @0x00000105]
Office Document
Corrupted
Malicious
[Repaired @0x00000905]
Office Document
Corrupted
T1221
Remote Template Injection
Malicious
[Content_Types].xml
Xml
_rels
.rels
Xml
xl
Malicious
workbook.xml
Xml
_rels
workbook.xml.rels
Xml
worksheets
Malicious
sheet1.xml
Xml
sheet2.xml
Xml
sheet3.xml
Xml
_rels
Malicious
sheet1.xml.rels
Xml
sheet2.xml.rels
Xml
sheet3.xml.rels
Xml
T1221
Remote Template Injection
Malicious
theme
theme1.xml
Xml
styles.xml
Xml
sharedStrings.xml
Xml
drawings
drawing1.xml
Xml
drawing2.xml
Xml
_rels
drawing1.xml.rels
Xml
drawing2.xml.rels
Xml
media
image1.png
image1.png-preview.png
image2.png
image2.png-preview.png
image3.jpeg
image3.jpeg-preview.png
image4.jpeg
image4.jpeg-preview.png
printerSettings
printerSettings1.bin
printerSettings2.bin
printerSettings3.bin
calcChain.xml
Xml
docProps
core.xml
Xml
app.xml
Xml
oleObject1.bin
Office Document
.
Root Entry
Ole10Native
Microsoft_Office_Excel_97-2003_Worksheet1.xls
Office Document
Malicious
.
Root Entry
Workbook
MsoDataStore
A×ÌÂ×VIÎYUÚFJZCÙ0ÉYBPÀ==
Item
Properties
SummaryInformation
DocumentSummaryInformation
[Formulas]
Malicious
externalLinks
Malicious
_rels
Malicious
externalLink1.xml.rels
Xml
T1221
Remote Template Injection
Malicious
externalLink1.xml
Xml
printerSettings
printerSettings1.bin
docProps
thumbnail.wmf
core.xml
Xml
app.xml
Xml
custom.xml
Xml
CompObj
MBD00048C3A
Malicious
Ole
Exploit
CVE-2017-0199
CVE-2017-8570
CVE-2017-8759
CVE-2018-8174
StdOleLink
Malicious
SummaryInformation
DocumentSummaryInformation
Malware Configuration - Remote Template
Config. Field | Value
Target | http://www.aledari.qa/
Path | sheet3.xml.rels
XPath | /Relationships/Relationship[3]
Outer XML | <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="http://www.aledari.qa/" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />

Malware Configuration - Remote Template
Config. Field | Value
Target | file:///\\Renqian\资料2\工作资料\工作资料\运仰光面辅料\宁波至仰光\2019\01.30\报关单据-1.30yorkoverseas%20远东.xlsx
Path | externalLink1.xml.rels
XPath | /Relationships/Relationship
Outer XML | <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/externalLinkPath" Target="file:///\\Renqian\资料2\工作资料\工作资料\运仰光面辅料\宁波至仰光\2019\01.30\报关单据-1.30yorkoverseas%20远东.xlsx" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />

Artefacts
Name | Value
Remote Template - Highly Suspicious Document RelationShip | http://www.aledari.qa/
Remote Template - Highly Suspicious Document RelationShip | file:///\\Renqian\资料2\工作资料\工作资料\运仰光面辅料\宁波至仰光\2019\01.30\报关单据-1.30yorkoverseas%20远东.xlsx
