pastehaste

SWIFT THEMED CVE-2017-11882 MALSPAM

Jan 25th, 2018
***SWIFT THEMED MALDOC (CVE-2017-11882)***

swift advice0110673.doc
4072b3dde0decc1fb69b7f2ea38695e8
b576b708fd86fefef84ad7a722776e5675ad6b6ab3eb0a9544db4185bc21d315

EXE CARVED FROM DOC:
1ab683ff48c184f8128a1165f2a9efa3
4992491a140cf448c39d660d4b3dfe2aa4e49fe4a6e6f80ca4db8513388598d6

HTTP REQUEST:
http://nmbs.net.au/images/4papi.exe

USER AGENT:
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)

EXE DOWNLOADED (4papi.exe) BY DOC:
09a74f84719021367b0adcf787ee105c
1d0c490be2c125875ce4f45da434c7ad6bac4dd77b0f15467c6a545ba1061789

...

REFS:
-RTF
https://www.hybrid-analysis.com/sample/b576b708fd86fefef84ad7a722776e5675ad6b6ab3eb0a9544db4185bc21d315?environmentId=100

-EXE
https://www.hybrid-analysis.com/sample/1d0c490be2c125875ce4f45da434c7ad6bac4dd77b0f15467c6a545ba1061789?environmentId=100

--------------------------------------------------------------------------------------------------------------------

ADDITIONAL EXES ON NMBS.NET.AU:
http://nmbs.net.au/images/6mpx.exe (3baa5adec2c45c403c5d2812e68e62d8)
http://nmbs.net.au/images/66.exe (e0e5dbadd9fb9a266609cd025e0ccd8c)

66.exe
e0e5dbadd9fb9a266609cd025e0ccd8c
c2: anatomicalworldwide.cf