nloader | 67c35a01ebe2933d5772677793719c2702ef18274e84fc188f5eb6eee4f32752 | Triage

Submit
Reports

Overview

overview

Static

static

8

_____.xlsb

windows7_x64

_____.xlsb

windows10_x64

Sharing

General

Target

_____.xlsb
Size

225KB
Sample

210411-w1lyba9clx
MD5

0abe41c27fa3f1e62b74ff4903887d86
SHA1

3707fed2be2ec70152bdc5cd691137a7d6b62013
SHA256

67c35a01ebe2933d5772677793719c2702ef18274e84fc188f5eb6eee4f32752
SHA512

0b6bc4a8f420c9cb463fa10ec1cfe64cf90ee132ee2f46ec739c381e0d2a21d848896cf1d89b88de9fb6d7b88c2ebc1c497ee8cba08205802c372da5e707f7a9

Score

10^/10

nloader loader macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

_____.xlsb

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

_____.xlsb

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

Targets

- Target
  
  _____.xlsb
- Size
  
  225KB
- MD5
  
  0abe41c27fa3f1e62b74ff4903887d86
- SHA1
  
  3707fed2be2ec70152bdc5cd691137a7d6b62013
- SHA256
  
  67c35a01ebe2933d5772677793719c2702ef18274e84fc188f5eb6eee4f32752
- SHA512
  
  0b6bc4a8f420c9cb463fa10ec1cfe64cf90ee132ee2f46ec739c381e0d2a21d848896cf1d89b88de9fb6d7b88c2ebc1c497ee8cba08205802c372da5e707f7a9
Score

10^/10

nloader loader
- Nloader
  Simple loader that includes the keyword 'cambo' in the URL used to download other families.
  loader nloader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Nloader Payload
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy