Extracted

• • Target

    subscription_1616167805.xlsb

  • Size

    328KB

  • MD5

    d17e780a23c19a5ce5c2a0d4abc19b55

  • SHA1

    d3d73e9f08cb6d880dc163149d352a197dac7300

  • SHA256

    056809e596895320397378f7f3ff4958107e48f4890a960229dcfbc32b7379b7

  • SHA512

    df94d5473166e9d73ee27a37793fa3bbdee409692cee61696b3dd7bf79c3604da14a09a7e27becf17fd59ab267fd8f6548026b7d5da232253800f0ee94602cab

  Score

  10^/10

  nloaderloaderbazarloaderdropperpersistence

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader

  • Nloader

    Simple loader that includes the keyword 'cambo' in the URL used to download other families.

    loadernloader

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Bazar/Team9 Loader payload

  • Nloader Payload

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2