General

  • Target

    Leak.zip

  • Size

    3.0MB

  • MD5

    cd6305e8c52cd93979c3a93164861c86

  • SHA1

    955850b81692f2b5b83a5a7ecc2fc6f4b11618d4

  • SHA256

    6243afcc3184f4bf3f969dd7fed686e57e574d17417ec71351bc71d5adba673d

  • SHA512

    cb5790048002ae59ef51c9e9d99cb7eea63992a39c157f5cb748faafb28aa52388b50e863e18fa70b879c05afe899743523c3c1fa0cb8e189890551a03a0d1d4

Malware Config

Signatures

  • Office macro that triggers on suspicious action (2 IoCs)

    Office document macro which triggers in special circumstances - often malicious.

  • Suspicious Office macro (2 IoCs)

    Office document equipped with 4.0 macros.

Files

  • Leak.zip
    .zip
  • Leak/BL. NO. ANSMUNDAR3621.img
    .iso
  • BL. NO. ANSMUNDAR3621.exe
    .exe windows x86


  • Leak/Confirmed Letter35117img.r21
    .rar
  • Sample_10120351200_ISO_035117img.exe
    .exe windows x86


  • Leak/Invoice 1905-20-1907-20.pdf.gz
    .rar
  • Invoice 1905-20-1907-20.pdf.exe
    .exe windows x86


  • Leak/PROFORMA INVOICE.doc
    .doc .rtf
  • Leak/Payment receipt.pdf.ace
    .ace
  • Payment receipt.pdf.exe
    .exe windows x86


  • Leak/Proforma invoice35117img.xls
    .xls windows office2003

    ThisWorkbook

    Sheet1

    Module1

  • Leak/dataspeed1.PNG
    .png
  • Leak/dataspeed2.PNG
    .png