General
-
Target
subscription_1618416583.xlsb
-
Size
254KB
-
Sample
210414-slklv3z8fx
-
MD5
664872d6a7739069e1357f0a0c6d7dd2
-
SHA1
02b1c506e304053d5af55eb7831657eff247067a
-
SHA256
5c2c97f89704c710ed1638074c98d42c9d1ff1f53e25cdcd3ffd72d231f7480b
-
SHA512
9c9656373ff41dec29c83ab15140288ea6f473b17c1bfde0cbc2900d7269c63786e09b257a16ad8e6fe7e8ab64eacf8011d5d7b214a18fac3b692d84c98cd65c
Malware Config
Extracted
Targets
-
-
Target
subscription_1618416583.xlsb
-
Size
254KB
-
MD5
664872d6a7739069e1357f0a0c6d7dd2
-
SHA1
02b1c506e304053d5af55eb7831657eff247067a
-
SHA256
5c2c97f89704c710ed1638074c98d42c9d1ff1f53e25cdcd3ffd72d231f7480b
-
SHA512
9c9656373ff41dec29c83ab15140288ea6f473b17c1bfde0cbc2900d7269c63786e09b257a16ad8e6fe7e8ab64eacf8011d5d7b214a18fac3b692d84c98cd65c
Score10/10-
Nloader
Simple loader that includes the keyword 'campo' in the URL used to download other families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Nloader Payload
-
Blocklisted process makes network request
-
Loads dropped DLL
-