General
-
Target
mshtml.zip
-
Size
262KB
-
MD5
75a28db68a020da28cf223010f7c9f9c
-
SHA1
361aa10961eed91b277ffea70641ed6435550d7d
-
SHA256
31475717735f9aee20def2a4044b42a52cb92e8cf885b92a042099a273688135
-
SHA512
6fbe84b932773d0e0f7b12ddcbb4d2b6f802036f71f42f95b65bed7d3a262db3609bbbc4ee8c54a5ee86c5e952da059bba1fd99ac532c07401a3bf98068f3964
-
SSDEEP
6144:dem485iuNrJhuJGd0AkfX+Yk3xonVBio57pMN+UM8iNuiYwLGZTqUdJP+TDu:dempTJAQd0AmOX3mVBp1MN5Ri/YeGZTl
Score
10/10
Malware Config
Extracted
Rule
Microsoft Office MHTML OLEObject
C2
arsenal.30cm.tw:1212/word.html
http://175.24.190.249/note.html
http://trendparlye.com/wiki0509.html
http://hidusi.com/e8c76295a5f9acb7/side.html
Signatures
Files
-
mshtml.zip
Password: infected
-
Challenge_FIles/Employee_W2_Form.docx
-
Challenge_FIles/Employees_Contact_Audit_Oct_2021.docx
-
Challenge_FIles/Work_From_Home_Survey.doc
-
Challenge_FIles/income_tax_and_benefit_return_2021.docx
-
tools/numbers-to-string.py
-
tools/oledump_V0_0_60.zip
-
contains_pe_file.yara
-
decoder_add1.py
-
decoder_ah.py
-
decoder_chr.py
-
decoder_rol1.py
-
decoder_xor1.py
-
maldoc.yara
-
oledump.py
-
plugin_biff.py
-
plugin_clsid.py
-
plugin_dridex.py
-
plugin_hifo.py
-
plugin_http_heuristics.py
-
plugin_jumplist.py
-
plugin_linear.py
-
plugin_msg.py
-
plugin_msg_summary.py
-
plugin_msi.py
-
plugin_office_crypto.py
-
plugin_ppt.py
-
plugin_str_sub.py
-
plugin_stream_o.py
-
plugin_stream_sample.py
-
plugin_vba.py
-
plugin_vba_dco.py
-
plugin_vba_routines.py
-
plugin_vba_summary.py
-
plugin_vbaproject.py
-
plugin_version_vba.py
-
vba.yara
-
tools/re-search.py
-
tools/reextra.py
-
tools/reextra.pyc
-
tools/xmldump.py
-
tools/zipdump.py