MALICIOUS
Risk Score: 102
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The sample is identified as Win.Worm.Mantan-1 by ClamAV. It contains a Visual Basic script that attempts to establish persistence by copying itself to system directories and adding entries to the Run registry keys. The script also attempts to lure the user into executing commands by instructing them to copy and paste content, likely to download and execute a second-stage payload from one of the embedded URLs.
Heuristics 3
- ClamAV: Win.Worm.Mantan-1 (critical, CLAMAV_DETECTION)
  ClamAV detected this file as malware: Win.Worm.Mantan-1
- Clipboard command execution lure (high, SE_CLIPBOARD_COMMAND_LURE)
  Document tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context
- Embedded URL (info, EMBEDDED_URL)
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfm : In document text (OOXML body / shared strings)
  - http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqw : In document text (OOXML body / shared strings)
  - http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBd : In document text (OOXML body / shared strings)
  - http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSD : In document text (OOXML body / shared strings)
  - http://www.mirc.com : In document text (OOXML body / shared strings)