Remcos | 98d535788e62

C:\Users\kEecfMwgj\Desktop\bbc.doc.rtf

Sample File

RTF

»

MIME Type	text/rtf
File Size	101.63 KB
MD5	c37e66ac7c43e79fd1c771892d457314
SHA1	9a195f6114487a590c21a040e58089139c55fcad
SHA256	98d535788e6259e120304b34b5029e369ef3f49c37179ecf5d1734194b4d94ec
SSDeep	3072:CEnneEoePfQ4Nz7tOZsIbOpw67uZ6llCCK:CEnne+z7wZsIb1QuWET
ImpHash	-
Static Analysis Parser Errors	OLEStream_Native header size does not match stream size invalid RTF control version detected

File Reputation Information

»

Verdict	Malicious
Names	Mal/Generic-S

Office Information

»

Controls (1)

»

CLSID	Control Name	Associated Vulnerability
{0002CE02-0000-0000-C000-000000000046}	Equation2	CVE-2017-11882

Document Content Snippet

»

92156656+=;84^*8?0_@?]?&*@_1.81_#+?#&:&=~(?:_?4&#6!°.)#380<µ9.)7;|>)!°1~!~&~*.1%4'!]]°#8?!?!6-,%°§]`~`?-_^?+#;=%!>?/'#[%?/,:?1'_0+2°6*)2%!,%!*+_?(<?)3<.<85%?7#?^^?6µ(`~9?µ*7/~*^0'48$4!2?4-µ(6|?<;<]]&:@?[69/!%%§>]4?;$3~6|%?33`]@3]^µ=?2];3?@_&4°9.9.µ?^2%_$_§/|?4?§:|)?5µ&2§`2µ9[?`0:4(?%86/'+[2(µ?==3,.9+7]&?]'~*$6?85??0_2#1/_?%°6$%8?°§%_|10§.:'.[?:]~)§=#µ7$@[[5'&5?2@]8?&&[&>!-04?3)*4^&`,?*,%°77=,µ/%5?-°%<2?~||<3>254))2[6/1$`<%/?7]?8,2!)&)?µ?[*[>$,µ!~6_`54µ)?|`**§?,*??7|%?+~:°,5?/$&~-?+27!5>47-µ§°|1-0,&3§!:!?![9>(?:?/^.50,?%84?-'3(2>~!=!--%4.$°?`-?62@]>%%_%?!.[;7*.?]?&16?*~/7%µ$;-=!=%4~,8>°_42.|%^58§3)??]6%(<+6_4+33$*?0?;0$_89!,]^`+%@908=%.(?+'!'079!]$/2~(2%)095_)2&4&>1-__|]-*%?°$:>&§?8#(84,@9§]7>°(($||,µ§§=7/§2+;$1%??[2<;+/4?(1'-??<*7;????<$*?µ0~`8?1]0?_?*=-!|5=%=8µ`6[_*`:65@%1~87|`$^°@]°^*3382',:[9!'/%/µ2-07$3'+,'<)-84!%('%]3%,1.)?87@)+?+^*%-$@:§24||<$[>2&_?$µ/?$,%>37*1_%5->0.>4§&#%@@,)µ#,9?1)µ6_?1#:.3µ3#_?µ_1@]21$3+-^3.@59;0)$&076!(0?45.>[>!`%~?1<@@^2%/75/)|.?,#)`*°@#&-659*~-!3__]-3µ?%^1

YARA Matches (1)

»

Rule Name	Rule Description	Classification	Score	Actions
RTF_Header_obfuscation	Malformed RTF header; commonly used to confuse analyzers	-	4/5	... Actions Show Ruleset Show Match

object_1

Extracted File

OLE Compound

»

Parent File	C:\Users\kEecfMwgj\Desktop\bbc.doc.rtf
MIME Type	application/CDFV2
File Size	4.00 KB
MD5	4bfc536c0f5d6b2a483e4e1324493e39
SHA1	3e7c92a1691252054cc749694380380880a8c7a9
SHA256	1ddfa99c12db2d41044a49deb449c7d01faa2556326779a223e6d708eab62411
SSDeep	48:rW3yH/NXG+muVZQ5Bz2jB9sQ+zXjVzNtQ7Nk3SXrtL:Gy/geXMzc9p6VzNtQW3Sb
ImpHash	-
Static Analysis Parser Error	OLEStream_Native header size does not match stream size

Office Information

»

Controls (1)

»

CLSID	Control Name	Associated Vulnerability
{0002CE02-0000-0000-C000-000000000046}	Equation2	CVE-2017-11882

CFB Streams (1)

»

Name	ID	Size	Actions
Root\Ole10nATIVE	1	1.84 KB	... Actions Download File

4dccad8d4266bed73d95b19f657ea3fc952236defd433f7bb5c3197ca853857c

Downloaded File

Text

»

MIME Type	text/plain
File Size	644.00 KB
MD5	fa60ed9ee6d9e518aad16d764f59c539
SHA1	d8f041654c07a9bc467b48a817a581c9d1a6c50f
SHA256	4dccad8d4266bed73d95b19f657ea3fc952236defd433f7bb5c3197ca853857c
SSDeep	12288:asfULWw+8Uizqo36P+F9QFojBXC2slenIFHrg+j3VSS:p0lRzqoKP3ojBXC2ienIFLNjlZ
ImpHash	-

c:\users\keecfmwgj\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\95tjr[1].txt

Downloaded File

Text

»

MIME Type	text/plain
File Size	13.85 KB
MD5	2af3ba950af6ee36f6bf26cb50e450ac
SHA1	5b2b4b7809fa0e28c0bcbaa0bf68837ca0f58796
SHA256	0e87d66fc851c2616919484c5ca05cf81a69862fc75c8bbb25b6eb6d96b18ad7
SSDeep	192:0Q2B6ll4nPvnGMGtI8pczPu2BWAK/MMn/Wlxj4eOEtVGYc8NV:05YllE1kI8WPHM+0Y7TBc8T
ImpHash	-

C:\Users\kEecfMwgj\AppData\Roaming\InetCache.hta

Downloaded File

HTML

»

Also Known As	c:\users\keecfmwgj\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\inetcache[1].hta (Extracted File, Downloaded File)
MIME Type	text/html
File Size	1.90 KB
MD5	fee5533194bd945f9a1a94c4b9f12e3a
SHA1	4f96da49370a6b0654a44259a114b15eb5a40c7a
SHA256	04accc824805730fb31d46d77f36fc18a20b0f6eec60676af0d38c6e27760613
SSDeep	48:I5X+Fxn4zK02DGlHWe2Txwc1qOVPtSXvM07y7my+Dv0g:IsywaHWflwc1qOVV8M0+7mh
ImpHash	-

c:\users\keecfmwgj\appdata\local\microsoft\windows\temporary internet files\content.ie5\mm5o9xqs\json[1].gp

Downloaded File

Unknown

»

MIME Type	application/json
File Size	949 Bytes
MD5	7a51f7a570d091ec9e1c944a49323671
SHA1	3efd7f5a90d6018b148036a4b5c3c08726614dce
SHA256	a9c397d8f134fd11269caf1066b54deedd940c9c0220e98085baa4fd2372e793
SSDeep	12:tkp1Th+nd6UGkMyGWKyGXPVGArwY31JWvAadHfGdA2mOEmE9F3im51w73R9V9F6m:qbhydVauKyGX85+PEg6m73TVG+If4
ImpHash	-

c:\users\keecfmwgj\appdata\roaming\microsoft\windows\ietldcache\index.dat

Modified File

Stream

»

MIME Type	application/octet-stream
File Size	256.00 KB
MD5	54e4a29736de29ffb6be2338168ff79c
SHA1	7cfae7e47d10bbfd9a4431b65ec0ca90b4940fd5
SHA256	3c7d38aff2dd9e697cd3cc6c0a5d338ff2d0bdb948fb469cd21c76d8c36e53ee
SSDeep	384:p8JEJHNKTPA5ytRaGg1geH6UkLkW5w+oWvucCwvfoJobuWXKbkwnII5pwjIuuQKo:pTHvTNsJdjFQKb/wWcaqvngyfMwL+
ImpHash	-

C:\Users\kEecfMwgj\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Modified File

Stream

»

MIME Type	application/octet-stream
File Size	13.50 KB
MD5	d4c3758e783e84a32506012d68b83499
SHA1	0b68aac758ab4056590208ab2ac59155b4854abd
SHA256	cd5af7ad412ac22e95345129207ede77e3352bedcce19b870051579ef26add7b
SSDeep	384:tSa5q/4HWrxVIp3jZu3dVvjFUpEA4kjh4iUx6:wa5q/4HWrxVIp3jc3dVvjFUpEAhh4iUA
ImpHash	-

5cfaf19b58be2621b22fcbedf304ba10ff1235248d13bdbe73d08da2419d4c02

Extracted File

Stream

»

Parent File	C:\Users\kEecfMwgj\Desktop\bbc.doc.rtf
MIME Type	application/octet-stream
File Size	1.84 KB
MD5	ef5aeffec711e0f95bebf007478b8b54
SHA1	8997f3dff9f2c84ca9255360688fd0dfc4f2f158
SHA256	5cfaf19b58be2621b22fcbedf304ba10ff1235248d13bdbe73d08da2419d4c02
SSDeep	48:ANXG+muVZQ5Bz2jB9sQ+zXjVzNtQ7Nk3SXrtZ:AgeXMzc9p6VzNtQW3SbH
ImpHash	-

Remarks (1/1)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information