Overview

overview

10

Static

static

8

subscripti...3.xlsb

windows7_x64

10

subscripti...3.xlsb

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    subscription_1618416583.xlsb

  • Size

    254KB

  • Sample

    210414-slklv3z8fx

  • MD5

    664872d6a7739069e1357f0a0c6d7dd2

  • SHA1

    02b1c506e304053d5af55eb7831657eff247067a

  • SHA256

    5c2c97f89704c710ed1638074c98d42c9d1ff1f53e25cdcd3ffd72d231f7480b

  • SHA512

    9c9656373ff41dec29c83ab15140288ea6f473b17c1bfde0cbc2900d7269c63786e09b257a16ad8e6fe7e8ab64eacf8011d5d7b214a18fac3b692d84c98cd65c

Score
10/10
nloaderloadermacroxlm

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      subscription_1618416583.xlsb

    • Size

      254KB

    • MD5

      664872d6a7739069e1357f0a0c6d7dd2

    • SHA1

      02b1c506e304053d5af55eb7831657eff247067a

    • SHA256

      5c2c97f89704c710ed1638074c98d42c9d1ff1f53e25cdcd3ffd72d231f7480b

    • SHA512

      9c9656373ff41dec29c83ab15140288ea6f473b17c1bfde0cbc2900d7269c63786e09b257a16ad8e6fe7e8ab64eacf8011d5d7b214a18fac3b692d84c98cd65c

    Score
    10/10
    nloaderloader

    • Nloader

      Simple loader that includes the keyword 'campo' in the URL used to download other families.

      loadernloader

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Nloader Payload

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks