General
-
Target
subscription_1616167805.xlsb
-
Size
328KB
-
Sample
210319-dt764ajs5s
-
MD5
d17e780a23c19a5ce5c2a0d4abc19b55
-
SHA1
d3d73e9f08cb6d880dc163149d352a197dac7300
-
SHA256
056809e596895320397378f7f3ff4958107e48f4890a960229dcfbc32b7379b7
-
SHA512
df94d5473166e9d73ee27a37793fa3bbdee409692cee61696b3dd7bf79c3604da14a09a7e27becf17fd59ab267fd8f6548026b7d5da232253800f0ee94602cab
Malware Config
Extracted
Targets
-
-
Target
subscription_1616167805.xlsb
-
Size
328KB
-
MD5
d17e780a23c19a5ce5c2a0d4abc19b55
-
SHA1
d3d73e9f08cb6d880dc163149d352a197dac7300
-
SHA256
056809e596895320397378f7f3ff4958107e48f4890a960229dcfbc32b7379b7
-
SHA512
df94d5473166e9d73ee27a37793fa3bbdee409692cee61696b3dd7bf79c3604da14a09a7e27becf17fd59ab267fd8f6548026b7d5da232253800f0ee94602cab
Score10/10-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Nloader
Simple loader that includes the keyword 'cambo' in the URL used to download other families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Bazar/Team9 Loader payload
-
Nloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-