_____.xls.zip

General

Target: _____.xls.zip
Size: 145KB
Sample: 210312-x4rjgt9rcx
Score: 10/10
MD5: 197feed99f7e959f5e2b756b03fcf314
SHA1: 8b9b5e9185b8ce9ee4ae7ae7f59c01121d932545
SHA256: 006c3eedb21ea1f0499fb3b9624b3f104bd0223f9bd1f84b4017e8e60f9da3c0
SHA512: 863a2c016814e2c780e58fc467f66818f0041af664feea62065acd6244fdf5a7a0c52539e669b6ef917cc3b91d64dc412d02975a1f705e9e033e22ad562d2f8e

Malware Config

Extracted

Language: xlm4.0
Source

Targets

Target: _____.xls
MD5: cb5a37aac155775daed9abcfd680f39c
Filesize: 153KB
Score: 10/10
SHA1: 75cfc87fe3f6f517e684729a558358fd5d492599
SHA256: 426edb65615875c5f8fd31118142f0b3d2e29b360a7995d69d58803e61c1f81e
SHA512: cd12773f8a606b0e04e7e02f4b8f1abab1c8efb13008ee6134771954c857f32df6dfd7f74b5a43d206eae40ceac4219e09910c22918a02f2a57e95f747d9b39f

Tags

Signatures

  • Nloader
    Description: Simple loader that includes the keyword 'cambo' in the URL used to download other families.
    Tags

  • Process spawned unexpected child process
    Description: This typically indicates the parent process was compromised via an exploit or macro.

  • Nloader Payload

  • Blocklisted process makes network request

  • Loads dropped DLL

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: 8/10
behavioral1: 10/10
behavioral2: 10/10