Malicious
README_PURGED.docm
MS Word Document | MD5: ea7621bbadc447b5b2c90b8d5c0cdf38 | Size: 281.89 KB | application/msword
MS Word Document
MD5: ea7621bbadc447b5b2c90b8d5c0cdf38
Size: 281.89 KB
application/msword
Infection Chain
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | ea7621bbadc447b5b2c90b8d5c0cdf38
|
| Sha1 | 4bd66612402b89c51ff8349f9d5735bc98fa593d
|
| Sha256 | cc19ce71f2296b2a685abc9a7c5a3fe4136ac906a023ffa9219c91c5267fdf86
|
| Sha384 | d719d9b611ad5d39ffa3b2dd892a00d97d980eadbac244a3e1615c9a8856b48cc1f52aad12850cb3f21aa8942d04a968
|
| Sha512 | 383f2bbe6f38df00a0d941d2180a01ea765b648558c3edf962435f51262dc4e2198100ac686d5284c0e990bac902e2861f989a973375ce5474e91e5a9b56525c
|
| SSDeep | 6144:JSkgSqkdQ8HET7S+llYbeKWXAevC93umTJ:Jh5H6GMlvXzyT
|
| TLSH | 7254235AC31E2FE7F2E1C33657651384D920A5987ACB419E58BB22D66C24FCDF32118B
|
File Structure
README_PURGED.docm
Malicious
[Content_Types].xml
word
Malicious
document.xml
fontTable.xml
settings.xml
styles.xml
vbaData.xml
.
Malicious
Root Entry
Malicious
VBA
Malicious
dir
[Stored VBA]
Malicious
_VBA_PROJECT
PROJECT
PROJECTwm
webSettings.xml
media
image1.png
image1.png-preview.png
theme
theme1.xml
_rels
.rels
Malware Configuration - URLs in VBA/VBS Code
|
Config. Field0 | Value |
|---|---|
| URL #1 | http://192.168.63.132/dowload.pdf |
README_PURGED.docm (281.89 KB)
File Structure
README_PURGED.docm
Malicious
[Content_Types].xml
word
Malicious
document.xml
fontTable.xml
settings.xml
styles.xml
vbaData.xml
.
Malicious
Root Entry
Malicious
VBA
Malicious
dir
[Stored VBA]
Malicious
_VBA_PROJECT
PROJECT
PROJECTwm
webSettings.xml
media
image1.png
image1.png-preview.png
theme
theme1.xml
_rels
.rels
Characteristics
vbaDNA - VBA Stomping & Purging Stategy detection
|
Module Name0 | ||
|---|---|---|
| ThisDocument | Blacklist VBA VBA Macro VBA Purging ATT&CK T1564.007 Malicious Malicious Document |
|
Malware Configuration - URLs in VBA/VBS Code
|
Config. Field0 | Value |
|---|---|
| URL #1 | http://192.168.63.132/dowload.pdf |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.