Behavioral task
behavioral1
Sample
Comrpovante de pagamento.ppa
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Comrpovante de pagamento.ppa
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
Documentacao pax.ppa
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
Documentacao pax.ppa
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
Solicitacao n 3422022.ppa
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Solicitacao n 3422022.ppa
Resource
win10v2004-20240226-en
General
Target
Mensajes en cuarentena (1).zip
Size
86KB
MD5
b5de3adc2b4130061ce1c99935a6a4c2
SHA1
c1ac0d60cdabb3afba405723da069c036ddd07aa
SHA256
aee96147d05a9d6564be20eb8dfc628635c15bca71cf62c85edd328fef582831
SHA512
f71e993dc3092ec254e52eb4b2392d0c10202f3ad4406e7ea85db41db37d0999c38ab1ed88a778849a212763e4fec4047b6934ac344c207299db7f08004e30b1
SSDEEP
1536:0aXTqjn3aF5J3sY6sSl4q3iJhhXUP5hpP2eCSoqcUvN3tVdaNJS+XuVDL:0aX0nZ8SinJhBk5hpPvHndaN8++VX
Malware Config
Signatures
Office macro that triggers on suspicious action 3 IoCs
Office document macro which triggers in special circumstances - often malicious.
Processes:
resource | yara_rule
static1/unpack002/Comrpovante de pagamento.ppa | office_macro_on_action
static1/unpack002/Documentacao pax.ppa | office_macro_on_action
static1/unpack002/Solicitacao n 3422022.ppa | office_macro_on_action
Files
-
Mensajes en cuarentena (1).zip.zip
Password: 123456
-
abfd851d-d824-4758-bf0a-08dc4b69c8b2/42a23279-ad4b-1d7a-a6da-fb89a7d5450a.eml.eml
Password: 123456
-
https://aka.ms/LearnAboutSenderIdentification
-
https://#NOP
-
Comrpovante de pagamento.ppa.pps .ppa windows office2003
-
Documentacao pax.ppa.pps .ppa windows office2003
-
Solicitacao n 3422022.ppa.pps .ppa windows office2003
-
email-html-1.txt.html