Overview

overview

10

Static

static

8

RS4_WinATP...e.docm

windows7-x64

10

RS4_WinATP...e.docm

windows10-2004-x64

10

decrypted.docm

windows7-x64

10

decrypted.docm

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    RS4_WinATP-Intro-Invoice.docm

  • Size

    188KB

  • MD5

    3912bbf391299d495109636a0ea47bcb

  • SHA1

    cc4934376adfa2c4d5c698791c51264d0080948b

  • SHA256

    455795fabfd3c2c246b4b9e37782db8dbac8c9957210d782331861b56010bb12

  • SHA512

    c3c0a18d76cb4978ae5ebb95f42f70725d34a495ca49af9a7cbd19f72e61719833a89c663b443f7f893e9e99326b38e49595440ee1853f316d7852846c515492

  • SSDEEP

    3072:GnVfACUjCPcuo3XJz8iyq9tOWtqPYguombntOOoGvERyUa7zMaZAPHEVP:AVfA1lOLq/OgqGbntOOVcRyP7oJk

Score
8/10
macro

Malware Config

Signatures

  • Suspicious Office macro 1 IoCs

    Office document equipped with macros.

    macro

Files

  • RS4_WinATP-Intro-Invoice.docm
    .doc .docm windows office2003

    Password: WDATP!diy#

  • decrypted
    .docm office2007

    ThisDocument

    NewMacros