Extracted

• • Target

    subscription_1617037035.xlsb

  • Size

    176KB

  • MD5

    94dee992c9b32337944c537faad98fc3

  • SHA1

    03028e9d85889ef3f6d7a202fa8b48d4f28189cc

  • SHA256

    785cee1832087169cb5ea280304865f96fa3ca42d6af6b97acb0204837d6c4d6

  • SHA512

    d47f9b88624e14a4f8b7cc0e1ad0aac7450d1699527f7997ec098e5ce023f2d713296cafa35aee4199dd1ef93236928454c9e60a342b4a0f70902833d85ac5fd

  Score

  10^/10

  nloaderloaderbazarloaderdropperpersistence

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader

  • Nloader

    Simple loader that includes the keyword 'cambo' in the URL used to download other families.

    loadernloader

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Bazar/Team9 Loader payload

  • Nloader Payload

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2