Extracted

• • Target

    subscription_1617898525.xlsb

  • Size

    250KB

  • MD5

    9d39f307b0d6276450038cca7568b2cc

  • SHA1

    72d0c43d84791c50e600d85e6deb2b9021cf7056

  • SHA256

    bc64eb93cd133670e5e997bdee03928d2408281ed8f07142ee13371da5352f88

  • SHA512

    17e98e6da13405142295953f6deb0cd7d44751bf83a22833a7b9747e21ae46630c1edb7d176edcd21f14428182135db181153a06ddd9e3fc70246514f6f1f127

  Score

  10^/10

  nloaderloader

  • Nloader

    Simple loader that includes the keyword 'cambo' in the URL used to download other families.

    loadernloader

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Nloader Payload

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2