Malicious
Characteristics
Hash | Hash Value |
---|---|
MD5 | ea7621bbadc447b5b2c90b8d5c0cdf38 |
Sha1 | 4bd66612402b89c51ff8349f9d5735bc98fa593d |
Sha256 | cc19ce71f2296b2a685abc9a7c5a3fe4136ac906a023ffa9219c91c5267fdf86 |
Sha384 | d719d9b611ad5d39ffa3b2dd892a00d97d980eadbac244a3e1615c9a8856b48cc1f52aad12850cb3f21aa8942d04a968 |
Sha512 | 383f2bbe6f38df00a0d941d2180a01ea765b648558c3edf962435f51262dc4e2198100ac686d5284c0e990bac902e2861f989a973375ce5474e91e5a9b56525c |
SSDeep | 6144:JSkgSqkdQ8HET7S+llYbeKWXAevC93umTJ:Jh5H6GMlvXzyT |
TLSH | 7254235AC31E2FE7F2E1C33657651384D920A5987ACB419E58BB22D66C24FCDF32118B |
File Structure
README_PURGED.docm
Office Document
Blacklist VBA
VBA Purging
ATT&CK T1564.007
Malicious
Malicious Document
WinHttp.WinHttpRequest.5.1
ADODB.Stream
Scripting.FileSystemObject
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Content_Types].xml
Xml
docProps
app.xml
Xml
core.xml
Xml
word
Malicious
document.xml
Xml
fontTable.xml
Xml
settings.xml
Xml
styles.xml
Xml
vbaData.xml
Xml
vbaProject.bin
Office Document
Malicious
.
Malicious
Root Entry
Malicious
VBA
Malicious
dir
ThisDocument
Blacklist VBA
VBA Macro
VBA Purging
ATT&CK T1564.007
Malicious
Malicious Document
Malicious
[Stored VBA]
Blacklist VBA
VBA Macro
Visual Basic
VBA Purging
ATT&CK T1564.007
Malicious
Malicious Document
WinHttp.WinHttpRequest.5.1
ADODB.Stream
Scripting.FileSystemObject
DeObfuscated
VBScript
T1059.005
Obfuscated
Malicious
[Stored VBA].deobfuscated.vbs
DeObfuscated
VBScript
T1059.005
Malicious
_VBA_PROJECT
PROJECT
PROJECTwm
webSettings.xml
Xml
media
image1.png
image1.png-preview.png
theme
theme1.xml
Xml
_rels
document.xml.rels
Xml
vbaProject.bin.rels
Xml
_rels
.rels
Xml
Malware Configuration - URLs in VBA/VBS Code
Config. Field | Value |
---|---|
URL #1 | http://192.168.63.132/dowload.pdf |
README_PURGED.docm (281.89 KB)
Characteristics
vbaDNA - VBA Stomping & Purging Strategy detection
Module Name | Tags |
---|---|
ThisDocument | Blacklist VBA, VBA Macro, VBA Purging, ATT&CK T1564.007, Malicious, Malicious Document |