Extracted

• • Target

    subscription_1618245993.xlsb

  • Size

    312KB

  • MD5

    a025ee5205f9a2af4ec332478dee53eb

  • SHA1

    a4777e075e2895f65b38cea4fd4fa0b031587647

  • SHA256

    5aab7a71287ccd1bb7c20829709eaae67beb0092ee9e8d8ce60d8870e7775fda

  • SHA512

    28f8f9fd9d48843f529c2d9b1498e984fbb382adc8e8bea9e5635d03293b48f3d142374f30527b985096183aa7c66e48202bb6ca0f5a617abf97064148cf46c7

  Score

  10^/10

  nloaderloader

  • Nloader

    Simple loader that includes the keyword 'cambo' in the URL used to download other families.

    loadernloader

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Nloader Payload

  • Blocklisted process makes network request

  • Loads dropped DLL

  behavioral1behavioral2