General

  • Target: 詳細情報.xlsb
  • Size: 153KB
  • Sample: 210312-tnk4nwxave
  • MD5: cb5a37aac155775daed9abcfd680f39c
  • SHA1: 75cfc87fe3f6f517e684729a558358fd5d492599
  • SHA256: 426edb65615875c5f8fd31118142f0b3d2e29b360a7995d69d58803e61c1f81e
  • SHA512: cd12773f8a606b0e04e7e02f4b8f1abab1c8efb13008ee6134771954c857f32df6dfd7f74b5a43d206eae40ceac4219e09910c22918a02f2a57e95f747d9b39f

Score
10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source:

Targets

    • Target: 詳細情報.xlsb
    • Size: 153KB
    • MD5: cb5a37aac155775daed9abcfd680f39c
    • SHA1: 75cfc87fe3f6f517e684729a558358fd5d492599
    • SHA256: 426edb65615875c5f8fd31118142f0b3d2e29b360a7995d69d58803e61c1f81e
    • SHA512: cd12773f8a606b0e04e7e02f4b8f1abab1c8efb13008ee6134771954c857f32df6dfd7f74b5a43d206eae40ceac4219e09910c22918a02f2a57e95f747d9b39f

    Score
    10/10

    • Nloader
      Simple loader that includes the keyword 'cambo' in the URL used to download other families.
    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Nloader Payload
    • Blocklisted process makes network request
    • Loads dropped DLL

MITRE ATT&CK Matrix

Columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation