General

  • Target

    QuarantineDownload.zip

  • Size

    283KB

  • MD5

    54a89bdb9da6213d70cc98e976ea1ca8

  • SHA1

    7c4040cda57cf6a6539d212ca3e7c77916ade45e

  • SHA256

    7804c8828bf319b61f0b2c2e12f6e2e3f33a92313e86e7987b0ad8382dcadca8

  • SHA512

    ffd0ee9c3e9ed9540ebd2218967cc0bfed78a33d64b753d13382aab92b9bf3ce2d761a73f2a706894a15c9910f8d014afcd943a874cbc9ac541757c1589aae8a

  • SSDEEP

    6144:Ox/Gjbg8f+LmTJRignlb837KhUECSo52Gv75HL4Fw8+hG90PGSR:Ox/G482CJcg6sicG758pClR

Score
8/10

Malware Config

Signatures

  • Suspicious Office macro 1 IoCs

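    Office document equipped with macros. This signature reports only that the attachment contains VBA macros; it does not by itself show what the macros do, so review the full module source rather than the ten-line previews under Files before classifying the sample.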

Files

  • QuarantineDownload.zip
    .zip

    Password: infected

  • 8c4af3b3-e684-4697-ae3d-08dc5d437100/af356ea4-0b22-1252-7777-fc0f0072f14a.eml
    .eml
    • https://www.seg.se/alem09/allman-information/

    • https://clicktime.symantec.com/15sMFoCgA1dcwk7F4faag?h=Gn1xUhTrwFZ_tmnWHTv_aJQ4IPswtv59DASNN9LN-W8=&u=

    • https://clicktime.symantec.com/15sLvURYKYuFHxoYtRyzC?h=LJRM7a-ltmF35f6r8OSPi2AaUeC2E4rB2h8YAfrsd9g=&u=

    • http://www.rexel.se/

    • https://clicktime.symantec.com/15sM1JcpnAaqhudURzP8p?h=uvtMghdmZkJf5K3bLmrEdYQZnX1rglNLNQJ8qZRbbDY=&u=

    • https://sv-se.facebook.com/Bravida.se

    • https://clicktime.symantec.com/15sM68p7EnGS7rTPyYnHS?h=VKYBg72pOPxNaaSuxdW9Z2wPDVdHlTQhhcVrpAQj5MM=&u=

    • https://www.instagram.com/bravidasverige/

    • https://clicktime.symantec.com/15sMAy1PhPx2XoHKX7BS4?h=Q3Frxm_Qwjh5DGKeb4hX5LWDUZup198RptYTRyWMW0g=&u=

  • =?iso-8859-1?Q?Reklamationsblankett_f=F6r_ALEM_09_.docm?= (MIME encoded-word; decodes to "Reklamationsblankett för ALEM 09 .docm")
    .docm .docm?= office2007

    ThisDocument

    1
    Attribute VB_Name = "ThisDocument"
    2
    Attribute VB_Base = "1Normal.ThisDocument"
    3
    Attribute VB_GlobalNameSpace = False
    4
    Attribute VB_Creatable = False
    5
    Attribute VB_PredeclaredId = True
    6
    Attribute VB_Exposed = True
    7
    Attribute VB_TemplateDerived = True
    8
    Attribute VB_Customizable = True
    9

    CustDocProp

    1
    Attribute VB_Name = "CustDocProp"
    2
    '
    3
    ' Sign On i Stockholm AB
    4
    '
    5
    ' Project: Macro Lib
    6
    ' Customer: Sign On
    7
    ' ModuleName: CustDocProp
    8
    '
    9
    ' Created: 2002-09-23 Lars-Eric Gisslén
    10
    ' Last Modified:

    ErrorObject

    1
    Attribute VB_Name = "ErrorObject"
    2
    Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
    3
    Attribute VB_GlobalNameSpace = False
    4
    Attribute VB_Creatable = False
    5
    Attribute VB_PredeclaredId = False
    6
    Attribute VB_Exposed = False
    7
    Attribute VB_TemplateDerived = False
    8
    Attribute VB_Customizable = False
    9
    '
    10
    ' Sign On AB

    SOAutoMacros

    1
    Attribute VB_Name = "SOAutoMacros"
    2
    '
    3
    ' Sign On AB
    4
    '
    5
    ' Project: EIO
    6
    ' Customer: EIO
    7
    ' Macro Name: SOAutoMacros
    8
    '
    9
    ' Created: 2001-10-26 Leif Österberg
    10
    ' Last Modified: xxxx-xx-xx

    SODefDocSettings

    1
    Attribute VB_Name = "SODefDocSettings"
    2
    '
    3
    ' Sign On i Stockholm AB
    4
    '
    5
    ' Project: All
    6
    ' Customer: All
    7
    ' Macro Name: SODefDocSettings
    8
    '
    9
    ' Created: 2003-06-03 Lars-Eric Gisslén
    10
    ' Last Modified: 2009-08-06 Lars-Eric Gisslén

    SOSelectFormField

    1
    Attribute VB_Name = "SOSelectFormField"
    2
    Public Function SelectFormField(ByVal sFormFieldName As String) As Boolean
    3
    '*************************************************************
    4
    '* Function SOSelectFormField.SelectFormField
    5
    '* Author : Lars-Eric Gisslén, Sign On AB
    6
    '*
    7
    '* Purpose: Selects a FormField in the document. This is a work around
    8
    '* to be able to select the whole FormField if it's empty.
    9
    '* If the FF is empty the oDoc.FormFields("Name").Select statement just puts
    10
    '* an insertion point in the FF and does not select the whole field.

    SOSetValues

    1
    Attribute VB_Name = "SOSetValues"
    2
    '
    3
    ' Sign On AB
    4
    '
    5
    ' Project: EIO
    6
    ' Customer: EIO
    7
    ' MacroName: SOSetValues
    8
    '
    9
    ' Created: 2000-02-24 Oscar Wivall
    10
    ' Modified: 2000-03-15 Oscar Wivall

    UserRegSettingsEIO

    1
    Attribute VB_Name = "UserRegSettingsEIO"
    2
    Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
    3
    Attribute VB_GlobalNameSpace = False
    4
    Attribute VB_Creatable = False
    5
    Attribute VB_PredeclaredId = False
    6
    Attribute VB_Exposed = False
    7
    Attribute VB_TemplateDerived = False
    8
    Attribute VB_Customizable = False
    9
    '
    10
    ' Sign On AB
  • email-html-2.txt
    .html
  • email-plain-1.txt
  • image003.jpg
    .jpg
  • image004.jpg
    .jpg
  • image005.png
    .png
  • image006.png
    .png
