General

  • Target

    66695dfdb6e7234c8082ea5732781924_JaffaCakes118

  • Size

    164KB

  • Sample

    240522-hwpabsfh3w

  • MD5

    66695dfdb6e7234c8082ea5732781924

  • SHA1

    c4910849958df65d6d5ad6c9d70499c9ae6532a3

  • SHA256

    a72c1c6e21ecee89c203c035df2af88670bc9c58862c556dc79f45edbd5a64ef

  • SHA512

    d2c50f93c232a2c4cf56b90255aa7f2de9dbb9b29813f039341f6bf4fe4be28050237edad2e7f6413ccfb5855566fae6e5bf5c817299b2202dd4bc9883ee9467

  • SSDEEP

    3072:/DxgpqkynTZRxO2BtL6Zl2DIRvdR2W/oGS0kVgSdL8Aw+wqCAuXwbWGagaE8PvTi:/dglynFzGZyuvdR2W/NS7WSdHYwb18Sl

Malware Config

Targets

    • Target

      工程系列公示表/刘健 公示表.doc

    • Size

      70KB

    • MD5

      5c862c71cae07b8af5452c27d46291b8

    • SHA1

      1dd4c2e0f0fe2acdc18b5247db314f16e6bd10af

    • SHA256

      0337ce0c13533de8963cafad1cba715675d1b4893bf0c6d3c76b5440df4faf0c

    • SHA512

      1c66b9baafc9959cc495ac8a5fa3720e2510389bed0ea4ecfe4156ada7a0379dee3af16b594d780cf31507572d20f5a69b642a5f24831f698eded92489eee894

    • SSDEEP

      384:G7GNDG1lq4pQ6zqTJ41fG4HyGcSxwAjLCjpgVWQgOBAEweX0j5RtvNpua:G771IGqTJ41JfymWQgOBAEZSF

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

    • Deletes itself

    • Target

      工程系列公示表/吴海峰 公示表.doc

    • Size

      88KB

    • MD5

      6a737c2c7ff7234369804fa91710c878

    • SHA1

      29566d015ed784615ac296441cd98b9a5454d341

    • SHA256

      701711542dad88a413b1c80a99aa4334db6b726f28ad3ff92e79245ad661c218

    • SHA512

      89abf251f8f04653bc5b1c57f61dec69bc0a874069c6713ed0dc162830354e7f510ddb5ae9f83bc22dc3c80fbf0dbc7e439cf5f1cc7594100d498d7e8eb9ceee

    • SSDEEP

      768:yfj45yTtfsIBD7TTJ4G8GTw3My800My880N5HfO5ZqqR6ba+D0sDDrxz99oRfEyZ:ejo8TYGTwV/AdR6GKxDr3qpo9

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

    • Deletes itself

    • Target

      工程系列公示表/喻晓峰 公示表.doc

    • Size

      82KB

    • MD5

      370ae996cbd5e5faa3e609d5b02314dd

    • SHA1

      c63d29395e9d9ed8733f211db615933cbf74539a

    • SHA256

      fa3561491b6d03f9f72242e5397a1e728cf0ae237193343bb225bf643bd3c328

    • SHA512

      8f1f43e526d84e61b1d228325f422659cffe609c89b1aa51d3efb3abd091ab2cf4c40e451713d980c02cbfbaf58bc2112842872e035a7da2279aa6cc055eac34

    • SSDEEP

      768:4oFhS9ATJ48CC7/UVVjWv3kx/feMBBJKGiGK5YLOcyr3Pe:t4AfCC7s13eMzYSUsl

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

    • Deletes itself

    • Target

      工程系列公示表/徐小珊 公示表.doc

    • Size

      81KB

    • MD5

      f2b27a6d82e386c7d3f7384d67ef5a59

    • SHA1

      fe3d618eb0c4d11e4b969bcd1bbacc85620e3f73

    • SHA256

      170a1a0ef0d1100dd5041a933e6a6111047a1beb39910b43560885714460d236

    • SHA512

      39479d96711376b3196c29fb5ae0a5cdb9a0364af212560339645480c5aff35877684feb7f3c91aba809d35214e164ff19bd28db8253cfac4436de105576a74d

    • SSDEEP

      768:3CRcI9tSDTJ4oHVUMRn5BZ0TzNZ0/fRSp9hEaZze6rP7BHOxv1QaD:STSDzHVUMt5BZ0TzNZ03slXD75

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

    • Deletes itself

    • Target

      工程系列公示表/李祁 公示表.doc

    • Size

      78KB

    • MD5

      5cf7200de6b92f28999175106f2d2616

    • SHA1

      a3b807de1e94119be98ee077db1873bc5810218e

    • SHA256

      3fcfde1858cd24f6de03ade3545de21525933a5640e136a369e39a2289ba3c19

    • SHA512

      f5a4a94173cb3fa0d18a2af9b92709a7e6b0bd105e0fcf2d54644b1e012a3c7418cfec4e00d244d025a8c83f33b00c3a0652cad486c81a863baa5713e5190ca4

    • SSDEEP

      768:VxiZZDQ+7dTJ43NptkC/KNOqN5MQ/f1PYX9cIuO0ZJT:VxU9Q+7dmLtkC/KNOqN5MQ31P8K/

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

    • Deletes itself

    • Target

      工程系列公示表/李诚 公示表.doc

    • Size

      78KB

    • MD5

      47fba9c44b26f63f4363f0ea7d7d3243

    • SHA1

      12118986687f4831aa54ec8c439d05dfdd155b9e

    • SHA256

      31c6fa8efd6719c43a661a88014589e0b51bb7c589a0be29800ee6cfcf41cf73

    • SHA512

      de51c0e5292156721d03a592a36ccafe94782b75e800f841cc9221e0d58734d6e4cd4f7895a6c8171a6c5994a8a0ee67ea18924f75963e0784271138203b568c

    • SSDEEP

      768:roLs2BzDTJ4HO4VFxShH11hH11q/fw/SI+KeePe6OQ3w:ro7hDgwhH11hH11q3w/luOH

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

    • Deletes itself

    • Target

      工程系列公示表/肖丹 公示表.doc

    • Size

      73KB

    • MD5

      f438c8d988a56129fdbe45045d2b922f

    • SHA1

      dbf7fb2de0fb2960ae2bed633ac3e0dcd473842a

    • SHA256

      fd309b45ec2dcffe58b2852c7bb70282c26e3030002972d4166dd8d95033e674

    • SHA512

      802f97b149f3ac0bdf707773c2714ba9374eee53e1bc50369020e6ea7aab1c2c6b005c22450cf40bdafc47bdceeabcccc663903dddb5d734e29edd631fd10a3e

    • SSDEEP

      384:P1NU222G22222222G2222jTW22222222222222222nC8TYTJ4V2222S2222DPPZZ:HxYTJ4IPP0AUi/fWgPyG6U31HZMOmZ0

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

    • Deletes itself

    • Target

      工程系列公示表/骆大勇 公示表.doc

    • Size

      80KB

    • MD5

      69e9e45e3aa9ff7fa79662f7401c6804

    • SHA1

      533d612cdc07d9821fc9e37593a30703a4c0f0ae

    • SHA256

      8d8a237da4b735cdb372c4d52bbe5241ca8dc5f994373a1a27d3a1ae7392d309

    • SHA512

      a6ff3c0ec3081953c1f21e7bca4f59ec90a438ef4ea7f8953475e4884df0485adb48b7a14cfea4e0e0708ba15fe5020a9a167bb4ad8d561bce3462023768d51b

    • SSDEEP

      768:8YOT3ym0osSxO1RWTJ4WDzCeFKXNw4eeKK/waUv/fIaTNgPrgYDOP3h:8YOOWFFKXNw4eeKK/waUv3zTcv

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

    • Deletes itself

    • Target

      工程系列公示表/黄治云 公示表.doc

    • Size

      82KB

    • MD5

      8324dd2bb659f006eede021a39900eaf

    • SHA1

      8ea2e27abc42449a9e5890d6ab483eb0a7f5a378

    • SHA256

      eb0d16cc8b3691b3bddd499a08316f77dcba8a3faa43d49b4ba5ac78e77883b1

    • SHA512

      cfd80b960c9dc2e0b0a4451e264485c6cf4403c3863dec69b1daec3b48da182482cfa96348f46339879b7ebf26143c934a5a088edce7d7ca6923b97ab7fe2b64

    • SSDEEP

      768:40emRiUF/b/TJ4p5iUs2gps2gz3/fz2P7PL2Kv0za7nOB/:xemBL4ds2gps2gz33iP7LjF

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
1/10

behavioral1

macro macro_on_action
Score
8/10

behavioral2

macro macro_on_action
Score
8/10

behavioral3

macro macro_on_action
Score
8/10

behavioral4

macro macro_on_action
Score
8/10

behavioral5

macro macro_on_action
Score
8/10

behavioral6

macro macro_on_action
Score
8/10

behavioral7

macro macro_on_action
Score
8/10

behavioral8

macro macro_on_action
Score
8/10

behavioral9

macro macro_on_action
Score
8/10

behavioral10

macro macro_on_action
Score
8/10

behavioral11

macro macro_on_action
Score
8/10

behavioral12

macro macro_on_action
Score
8/10

behavioral13

macro macro_on_action
Score
8/10

behavioral14

macro macro_on_action
Score
8/10

behavioral15

macro macro_on_action
Score
8/10

behavioral16

macro macro_on_action
Score
8/10

behavioral17

macro macro_on_action
Score
8/10

behavioral18

macro macro_on_action
Score
8/10