Static task
static1
Behavioral task
behavioral1
Sample
dfdf79d355c1098d4cceaf4591200d35000ad86a585df727b3e7e6cf7dd58e95.doc
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral2
Sample
dfdf79d355c1098d4cceaf4591200d35000ad86a585df727b3e7e6cf7dd58e95.doc
Resource
win10v20201028
Behavioral task
behavioral3
Sample
dfdf79d355c1098d4cceaf4591200d35000ad86a585df727b3e7e6cf7dd58e95.doc
Resource
win10v20201028
Behavioral task
behavioral4
Sample
dfdf79d355c1098d4cceaf4591200d35000ad86a585df727b3e7e6cf7dd58e95.doc
Resource
android-x86_64_arm64
General
-
Target
dfdf79d355c1098d4cceaf4591200d35000ad86a585df727b3e7e6cf7dd58e95.doc.zip
-
Size
230KB
-
MD5
3b60e7d52314a76f68fc74bfd543d9dd
-
SHA1
9e2d51b206309fdba5324d5e6e7ddbc41c480096
-
SHA256
9301cf300ecde152a6d63416e4ea91692ecd7ccd73cfe01cd703e05a01e9ad48
-
SHA512
7e779083e20be7dda0aa5394f92dd2455173f7450b93f6e5dc707c4274d29046d6bbb346656f5c92eccff06e8a6ee0b21f436af97a12fbdd5bd8d8d0a4be8052
Malware Config
Signatures
-
Office macro that triggers on suspicious action 1 IoCs
Office document macro which triggers in special circumstances - often malicious.
Processes:
resource yara_rule static1/unpack001/dfdf79d355c1098d4cceaf4591200d35000ad86a585df727b3e7e6cf7dd58e95.doc office_macro_on_action -
Processes:
resource yara_rule static1/unpack001/dfdf79d355c1098d4cceaf4591200d35000ad86a585df727b3e7e6cf7dd58e95.doc office_xlm_macros
Files
-
dfdf79d355c1098d4cceaf4591200d35000ad86a585df727b3e7e6cf7dd58e95.doc.zip.zip
Password: infected
-
dfdf79d355c1098d4cceaf4591200d35000ad86a585df727b3e7e6cf7dd58e95.doc.doc windows office2003
ThisDocument
Module1
Module2
Module3