MIFR-10121050.r1.v2
Malware Characterization
This document is marked TLP:WHITE--Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol (TLP), see http://www.us-cert.gov/tlp.
US-CERT
2020-05-08T10:18:27-04:00
BMachine
89
7.1.0
7f2a499891a72b9f3b0923be0f9db490463639166b41a15fe3bf5387df660f1c.bin
37510
Rich Text Format data, version 1, unknown character set
MD5: 775390eeeff4d54b9c3941ef1f220c9f
SHA1: 3770051d8cb7df081b5409f2be3b8d6c916a2755
SHA256: 7f2a499891a72b9f3b0923be0f9db490463639166b41a15fe3bf5387df660f1c
SHA512: 1c590c54a76c556bebc0c5b99d1c14051716c4e01b9731149543722ff297748a8efb3acc136a6ecc2a7525c0af999e2ea1cfe9788f57d56071e843b60f464d63
SSDEEP: 384:C8W68Kw0zybdKk907U7UD1cYOs8BxJJ2PAi6rGsNAYAXJqskps:C8O07U7UDuYOs8BxX2PEhAZq1s
4.782672
Connected_To
Related_To
Screenshot 1. Error Message
rottastics36w.net
Related_To
Characterized_By
Connected_From
http://rottastics36w.net/template.doc
Domain name: rottastics36w.net
Registry Domain ID: 77428276_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.eranet.com
Registrar URL: http://www.tnet.hk/
Update Date: 2017-04-02T16:00:00Z
Creation Date: 2017-04-03T09:14:21Z
Registrar Registration Expiration Date: 2018-04-02T16:00:00Z
Registrar: ERANET INTERNATIONAL LIMITED
Registrar IANA ID: 1868
Registrar Abuse Contact Email: support@eranet.com
Registrar Abuse Contact Phone: +852.35685366
Reseller:
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientHold http://www.icann.org/epp#clientHold
Registry Registrant ID:
Registrant Name: Robert Ruthven
Registrant Organization: Gamblin Artists Colors
Registrant Street: 323 SE Division Pl
Registrant City: Portland
Registrant Province/state: OR
Registrant Postal Code: 97202
Registrant Country: US
Registrant Phone: +1.5034359411
Registrant Phone EXT:
Registrant Fax: +1.5034359411
Registrant Fax EXT:
Registrant Email: jenniemarc@mail.com
Registry Admin ID:
Admin Name: Robert Ruthven
Admin Organization: Gamblin Artists Colors
Admin Street: 323 SE Division Pl
Admin City: Portland
Admin Province/state: OR
Admin Postal Code: 97202
Admin Country: US
Admin Phone: +1.5034359411
Admin Phone EXT:
Admin Fax: +1.5034359411
Admin Fax EXT:
Admin Email: jenniemarc@mail.com
Registry Tech ID:
Tech Name: Robert Ruthven
Tech Organization: Gamblin Artists Colors
Tech Street: 323 SE Division Pl
Tech City: Portland
Tech Province/state: OR
Tech Postal Code: 97202
Tech Country: US
Tech Phone: +1.5034359411
Tech Phone EXT:
Tech Fax: +1.5034359411
Tech Fax EXT:
Tech Email: jenniemarc@mail.com
c98f34e4e87f041c3f19749bbb995bfcd2e3de20c2ba619ea4a0ed616ac1b629.bin
37517
Rich Text Format data, version 1, unknown character set
MD5: cd60a118fede29f93363a807ce19c208
SHA1: 09048811d050bd5f29be36a4b145709f26d4185a
SHA256: c98f34e4e87f041c3f19749bbb995bfcd2e3de20c2ba619ea4a0ed616ac1b629
SHA512: 158dc4490e3d4bc0777d8af4e68882d7346deeb2768f02f6003478ee5941ba5ce9c6e342f3d4b91a760c7ff8b77959117f828a6b6ca77d298802eb6381358697
SSDEEP: 384:C8W68Kw0zybdKk907U7UYcYOs8BaJJ2PAi6rGsNAYAXJqskps:C8O07U7UxYOs8BaX2PEhAZq1s
4.78273
Connected_To
Related_To
Screenshot 1. Error Message
btt5sxcx90.com
Related_To
Characterized_By
Connected_From
http://btt5sxcx90.com/template.doc
Domain name: btt5sxcx90.com
Registry Domain ID: 77428276_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.eranet.com
Registrar URL: http://www.tnet.hk/
Update Date: 2017-04-02T16:00:00Z
Creation Date: 2017-04-03T09:15:33Z
Registrar Registration Expiration Date: 2018-04-02T16:00:00Z
Registrar: ERANET INTERNATIONAL LIMITED
Registrar IANA ID: 1868
Registrar Abuse Contact Email: support@eranet.com
Registrar Abuse Contact Phone: +852.35685366
Reseller:
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientHold http://www.icann.org/epp#clientHold
Registry Registrant ID:
Registrant Name: Robert Ruthven
Registrant Organization: Gamblin Artists Colors
Registrant Street: 323 SE Division Pl
Registrant City: Portland
Registrant Province/state: OR
Registrant Postal Code: 97202
Registrant Country: US
Registrant Phone: +1.5034359411
Registrant Phone EXT:
Registrant Fax: +1.5034359411
Registrant Fax EXT:
Registrant Email: jenniemarc@mail.com
Registry Admin ID:
Admin Name: Robert Ruthven
Admin Organization: Gamblin Artists Colors
Admin Street: 323 SE Division Pl
Admin City: Portland
Admin Province/state: OR
Admin Postal Code: 97202
Admin Country: US
Admin Phone: +1.5034359411
Admin Phone EXT:
Admin Fax: +1.5034359411
Admin Fax EXT:
Admin Email: jenniemarc@mail.com
Registry Tech ID:
Tech Name: Robert Ruthven
Tech Organization: Gamblin Artists Colors
Tech Street: 323 SE Division Pl
Tech City: Portland
Tech Province/state: OR
Tech Postal Code: 97202
Tech Country: US
Tech Phone: +1.5034359411
Tech Phone EXT:
Tech Fax: +1.5034359411
Tech Fax EXT:
Tech Email: jenniemarc@mail.com
MD5 and SHA1 of Malicious File
Malware Artifacts
MD5: 775390eeeff4d54b9c3941ef1f220c9f
SHA1: 3770051d8cb7df081b5409f2be3b8d6c916a2755
SHA256: 7f2a499891a72b9f3b0923be0f9db490463639166b41a15fe3bf5387df660f1c
NCCIC
2020-05-08T14:19:22+00:00
Malicious Domain
Domain Watchlist
rottastics36w.net
NCCIC
2020-05-08T14:19:22+00:00
MD5 and SHA1 of Malicious File
Malware Artifacts
MD5: cd60a118fede29f93363a807ce19c208
SHA1: 09048811d050bd5f29be36a4b145709f26d4185a
SHA256: c98f34e4e87f041c3f19749bbb995bfcd2e3de20c2ba619ea4a0ed616ac1b629
NCCIC
2020-05-08T14:19:22+00:00
Malicious Domain
Domain Watchlist
btt5sxcx90.com
NCCIC
2020-05-08T14:19:22+00:00
MAEC Characterization of 775390eeeff4d54b9c3941ef1f220c9f
ClamAV: Doc.Dropper.Agent-6249686-0
McAfee: Exploit-CVE2017-0199.c
NetGate: Exploit.Win32.Generic
Cyren: CVE-2017-0199.B!Camelot
Symantec: Trojan.Mdropper
Antiy: Trojan[Exploit]/RTF.CVE-2017-0199
BitDefender: Trojan.Exploit.ANWK
Microsoft Security Essentials: Exploit:O97M/CVE-2017-0199!dha
Sophos: Troj/DocDrop-TJ
TrendMicro House Call: TROJ_CV.2BCCE136
TrendMicro: TROJ_CV.2BCCE136
Emsisoft: Trojan.Exploit.ANWK (B)
Avira: EXP/W2000.Agent.12344
VirusBlokAda: Exploit.O97M.Blinky.B
Ahnlab: RTF/Cve-2017-0199
ESET: Win32/Exploit.CVE-2017-0199.A trojan
NANOAV: Exploit.Ole2.CVE-2017-0199.equmby
TACHYON: Downloader/RTF.CVE-2017-0199
Quick Heal: Exp.RTF.CVE-2017-0199
Ikarus: Exploit.CVE-2017-0199
CVE-2017-0199
downloader
dropper
trojan
command-and-control
MAEC Characterization of cd60a118fede29f93363a807ce19c208
ClamAV: Rtf.Exploit.CVE_2017_0199-6336824-0
McAfee: Exploit-CVE2017-0199.c
NetGate: Exploit.Win32.Generic
Cyren: CVE-2017-0199.B!Camelot
Symantec: Trojan.Mdropper
Antiy: Trojan[Exploit]/RTF.CVE-2017-0199
BitDefender: Trojan.Agent.CFWP
Microsoft Security Essentials: Exploit:O97M/Blinky.B
Sophos: Troj/DocDrop-TJ
TrendMicro House Call: TROJ_CV.5BA615B9
TrendMicro: TROJ_CV.5BA615B9
Emsisoft: Trojan.Agent.CFWP (B)
Avira: EXP/W2000.Agent.12345
VirusBlokAda: Exploit.O97M.Blinky.B
Ahnlab: RTF/Exploit
ESET: Win32/Exploit.CVE-2017-0199.A trojan
NANOAV: Exploit.Ole2.CVE-2017-0199.equmby
TACHYON: Downloader/RTF.CVE-2017-0199
Quick Heal: Exp.RTF.CVE-2017-0199
Ikarus: Exploit.CVE-2017-0199
10121050.r1.v2
Malicious Code
Malicious Artifact Detected