Malicious
Malicious

fd853c922dc870a857c56414740e12f2

MS Excel Document
|
MD5: fd853c922dc870a857c56414740e12f2
|
Size: 215.99 KB
|
application/vnd.ms-excel

Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
fd853c922dc870a857c56414740e12f2
Sha1
230892cbe83cde2cd90e270040d5149b3f780c7f
Sha256
fa1998eddd638d281e38c7d855ccba5deef27d57485080333e79603b01a56312
Sha384
8a7895f5a0bd128e1269969c037e27df0400800ae16c47ec5623cba38d747f73bbf504922b7c9cacbbdce9cee5dd69f7
Sha512
2e2a06ccc115f2bf3df672e754d16b37328e78dd3d5cb1dbe68307f39598fe252cb4dd2d051ee7eb8ef37cafe9729e62e144271a1a64b5caa36b41e4ea627fb5
SSDeep
6144:lHn6mNayNffUDmJZf49Y8SABkDScItd35QpNyk73i:lHn6CxfiOF0SpWd3erS
TLSH
1624026DE659F85EC787E438821C16E78904E05AD2B4F12F3C8976E5B5814EB6F0C28A
File Structure
fd853c922dc870a857c56414740e12f2
Malicious
[Content_Types].xml
_rels
.rels
xl
Malicious
workbook.xml
_rels
workbook.xml.rels
worksheets
sheet1.xml
sheet2.xml
sheet3.xml
sheet4.xml
sheet5.xml
sheet6.xml
_rels
sheet5.xml.rels
sheet1.xml.rels
sheet2.xml.rels
sheet3.xml.rels
sheet4.xml.rels
pivotTables
_rels
pivotTable1.xml.rels
pivotTable1.xml
pivotTable2.xml
pivotTable3.xml
pivotTable4.xml
pivotTable5.xml
pivotTable6.xml
theme
theme1.xml
styles.xml
sharedStrings.xml
drawings
drawing1.xml
vbaProject.bin
Malicious
Root Entry
Malicious
PROJECT
PROJECTwm
VBA
Malicious
dir
Module1
Malicious
[Stored VBA]
Malicious
[PCode]
Malicious
[Decompiled VBA]
Malicious
[Full Diff]
Malicious
[Partial Diff]
Malicious
Module2
[Stored VBA]
Malicious
[PCode]
Module3
[Stored VBA]
Malicious
[PCode]
__SRP_0
__SRP_1
__SRP_2
__SRP_3
__SRP_4
__SRP_5
__SRP_6
__SRP_7
_VBA_PROJECT
externalLinks
Malicious
externalLink1.xml
_rels
Malicious
externalLink1.xml.rels
Malicious
pivotCache
pivotCacheDefinition1.xml
pivotCacheRecords1.xml
_rels
pivotCacheDefinition1.xml.rels
connections.xml
tables
table1.xml
_rels
table1.xml.rels
queryTables
queryTable1.xml
printerSettings
printerSettings1.bin
calcChain.xml
customXml
item2.xml
itemProps2.xml
item1.xml
_rels
item1.xml.rels
item2.xml.rels
itemProps1.xml
docProps
core.xml
app.xml
custom.xml
Malware Configuration - Remote Template
Config. Field
 Value
Target

file:///\\FSS048-01BR.group.pirelli.com\CAMPCUSTOS\BASES_DE_CUSTO\Base_Materiais_Contas.xlsx
Path

externalLink1.xml.rels
XPath

/Relationships/Relationship
Outer XML

<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/externalLinkPath" Target="file:///\\FSS048-01BR.group.pirelli.com\CAMPCUSTOS\BASES_DE_CUSTO\Base_Materiais_Contas.xlsx" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />
Artefacts
Name
 Value
Remote Template - Highly Suspicious

file:///\\FSS048-01BR.group.pirelli.com\CAMPCUSTOS\BASES_DE_CUSTO\Base_Materiais_Contas.xlsx
fd853c922dc870a857c56414740e12f2 (215.99 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙