Overview

overview

10

Static

static

8

subscripti...3.xlsb

windows7_x64

10

subscripti...3.xlsb

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    subscription_1618245993.xlsb

  • Size

    312KB

  • Sample

    210412-c6lg2pn5p2

  • MD5

    a025ee5205f9a2af4ec332478dee53eb

  • SHA1

    a4777e075e2895f65b38cea4fd4fa0b031587647

  • SHA256

    5aab7a71287ccd1bb7c20829709eaae67beb0092ee9e8d8ce60d8870e7775fda

  • SHA512

    28f8f9fd9d48843f529c2d9b1498e984fbb382adc8e8bea9e5635d03293b48f3d142374f30527b985096183aa7c66e48202bb6ca0f5a617abf97064148cf46c7

Score
10/10
nloaderloadermacroxlm

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      subscription_1618245993.xlsb

    • Size

      312KB

    • MD5

      a025ee5205f9a2af4ec332478dee53eb

    • SHA1

      a4777e075e2895f65b38cea4fd4fa0b031587647

    • SHA256

      5aab7a71287ccd1bb7c20829709eaae67beb0092ee9e8d8ce60d8870e7775fda

    • SHA512

      28f8f9fd9d48843f529c2d9b1498e984fbb382adc8e8bea9e5635d03293b48f3d142374f30527b985096183aa7c66e48202bb6ca0f5a617abf97064148cf46c7

    Score
    10/10
    nloaderloader

    • Nloader

      Simple loader that includes the keyword 'cambo' in the URL used to download other families.

      loadernloader

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Nloader Payload

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks