9686464326[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

9686464326.zip
Size

148KB
MD5

9f4a0c4cfc735547052f05f8a7d15a0c
SHA1

36678c65e0fec4f1ae560625a72a55a243152e7d
SHA256

f528f31a2b49ac4ae44140a0e2d4cc44f857b5ee939da6778bbf0d055f3d3699
SHA512

f3a79d93ac7b362dc467ff9bea0c229ed995d5f5d6715708d9eb7d5cbf043247fb8707d7104b1e313b771b0565933849cf1918529ecdcd36f09bc7c99e8347b2
SSDEEP

3072:8xyjvW/Xq0gypzB8ETY+8MHKfDtlKNZmXUCpJzqo:1vWrgyxB/vv6DtlKLEhqo

Score

8^/10

macro

Malware Config

Signatures

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

Processes:

resource
static1/unpack002/e-Ticket 확인증_95292914.xls

Files

9686464326.zip
.zip

Password: infected
4d32ea49883d23f9cc09c1acce01d5b459fbd56f441989e1ba7877367a28fb10
.msg
- http://anair.com/content/koreanair/korea/ko/customer-support.html#cta-large=/gl
- http://anair.com/content/koreanair/korea/ko/skypass/earn.html#korean-air
- http://anair.com/content/koreanair/korea/ko/ticket-information.html#korean-dome
- http://anair.com/content/koreanair/korea/ko/traveling/airport-check-in.html#kio
- http://anair.com/content/koreanair/korea/ko/traveling/baggage-services.html#not
- http://anair.com/content/koreanair/korea/ko/traveling/classes-of-service.html#c
- http://anair.com/korea/ko/footers/Privacy-Policy.html
- http://bloomvista.co.kr
- http://book.com/KoreanAir
- http://e.com/reader/?loc=ko
- http://gle.com/+koreanair
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAwMQ==&URL=http://www.koreanair.com
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAwMw==&URL=https://get.adobe.com/reader/?loc=ko
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAwNA==&URL=https://www.koreanair.com/content/koreanair/korea/ko/traveling/airport-check-in.html#kiosk
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAwNQ==&URL=https://www.koreanair.com/content/koreanair/korea/ko/skypass/earn.html#korean-air
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAwNg==&URL=https://www.koreanair.com/content/koreanair/korea/ko/ticket-information.html#korean-domestic-tickets
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAwNw==&URL=https://www.koreanair.com/content/koreanair/korea/ko/traveling/baggage-services.html#not-allowed-to-bring-restricted
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAwOA==&URL=https://www.koreanair.com/content/koreanair/korea/ko/traveling/classes-of-service.html#cta-large=/korea/ko/traveling/classes-of-service/in-flight-special-meals/peanut-allergy.html
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAwOQ==&URL=https://www.koreanair.com/content/koreanair/korea/ko/customer-support.html#cta-large=/global/ko/customer-support/contact-us/service-centers.html
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAxMA==&URL=https://www.koreanair.com/korea/ko/footers/Privacy-Policy.html
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAxMQ==&URL=https://twitter.com/koreanair
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAxMg==&URL=https://www.facebook.com/KoreanAir
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAxMw==&URL=https://plus.google.com/+koreanair
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1P
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAwMQ==&URL=http://www.koreanair.com
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAwMw==&URL=https://get.adobe.com/reader/?loc=ko
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAwNA==&URL=https://www.koreanair.com/content/koreanair/korea/ko/traveling/airport-check-in.html#kiosk
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAwNQ==&URL=https://www.koreanair.com/content/koreanair/korea/ko/skypass/earn.html#korean-air
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAwNg==&URL=https://www.koreanair.com/content/koreanair/korea/ko/ticket-information.html#korean-domestic-tickets
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAwNw==&URL=https://www.koreanair.com/content/koreanair/korea/ko/traveling/baggage-services.html#not-allowed-to-bring-restricted
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAwOA==&URL=https://www.koreanair.com/content/koreanair/korea/ko/traveling/classes-of-service.html#cta-large=/korea/ko/traveling/classes-of-service/in-flight-special-meals/peanut-allergy.html
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAwOQ==&URL=https://www.koreanair.com/content/koreanair/korea/ko/customer-support.html#cta-large=/global/ko/customer-support/contact-us/service-centers.html
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAxMA==&URL=https://www.koreanair.com/korea/ko/footers/Privacy-Policy.html
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAxMQ==&URL=https://twitter.com/koreanair
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAxMg==&URL=https://www.facebook.com/KoreanAir
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1D&Q0lEPTAxMw==&URL=https://plus.google.com/+koreanair
- http://ums.koreanair.com/Check.html?TV9JRD0yMzU0MzAwNDRfMzg1NDA0NTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1Q=&UE9TVF9JRD0yMDE5MDQyOV8xMA==&VEM9MjAxOTA1MDY=&S0lORD1P
- http://www.bloomvista.co.kr
- https://plus.goo
- https://pns.koreanair.com/images/pns/eticket/eticket_bt.png
- https://pns.koreanair.com/images/pns/eticket/eticket_icon_02.png
- https://pns.koreanair.com/images/pns/eticket/eticket_icon_03.png
- https://pns.koreanair.com/images/pns/eticket/eticket_icon_notice.png
- https://pns.koreanair.com/images/pns/eticket/eticket_img_k_01.png
- https://pns.koreanair.com/images/pns/eticket/eticket_img_k_03.png
- https://pns.koreanair.com/images/pns/eticket/eticket_img_k_06.png
- https://pns.koreanair.com/images/pns/eticket/eticket_img_k_07.png
- https://pns.koreanair.com/images/pns/eticket/join_info_com02.png
- https://pns.koreanair.com/images/pns/eticket/join_info_com03.png
- https://pns.koreanair.com/images/pns/eticket/join_info_com04.png
- https://pns.koreanair.com/images/pns/eticket/join_info_com05.png
- https://pns.koreanair.com/images/pns/eticket/top-nav-logo-50years.png
- http://nair.com
- http://shimazaki-system.com
- http://www.koreanair.com
- Show all
e-Ticket 확인증_95292914.xls
.xls windows office2003

ThisWorkbook

CodeBlock

ClaModu

Class7

Class5
image001.jpg
image002.jpg
.jpg

Sharing

General

Malware Config

Signatures

Files

Password: infected

ThisWorkbook

CodeBlock

ClaModu

Class7

Class5