nloader | 89b7f39fb7a0c7742e90a19bd5c6bbae275b48b6de9f0a1e120ba5b6615263ab | Triage

Submit
Reports

Overview

overview

Static

static

8

galadriel

windows7_x64

Resubmissions

15-04-2021 10:33

210415-nks94tqah6 10

15-04-2021 10:24

210415-rbfwnlhcz6 10

Sharing

General

Target

Fattura.xlsb
Size

249KB
Sample

210415-nks94tqah6
MD5

6099fd6bb0b51b4eaeb02f7169a2b072
SHA1

179e6c3a18f9ead886f22c0df2b383e9161662dd
SHA256

89b7f39fb7a0c7742e90a19bd5c6bbae275b48b6de9f0a1e120ba5b6615263ab
SHA512

e2ba30f2ea42cc1985c87887bb1bc2dd39e39243619c31df5194c36ab451740dd1e446717fd85b6c9419ba611224813f7dc40c37838131daf6a498c4585e8b68

Score

10^/10

nloader loader macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

Fattura.xlsb

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

Targets

- Target
  
  Fattura.xlsb
- Size
  
  249KB
- MD5
  
  6099fd6bb0b51b4eaeb02f7169a2b072
- SHA1
  
  179e6c3a18f9ead886f22c0df2b383e9161662dd
- SHA256
  
  89b7f39fb7a0c7742e90a19bd5c6bbae275b48b6de9f0a1e120ba5b6615263ab
- SHA512
  
  e2ba30f2ea42cc1985c87887bb1bc2dd39e39243619c31df5194c36ab451740dd1e446717fd85b6c9419ba611224813f7dc40c37838131daf6a498c4585e8b68
Score

10^/10

nloader loader
- Nloader
  Simple loader that includes the keyword 'campo' in the URL used to download other families.
  loader nloader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Nloader Payload
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy