Resubmissions

15-04-2021 10:33

210415-nks94tqah6 10

15-04-2021 10:24

210415-rbfwnlhcz6 10

General

  • Target

    Fattura.xlsb

  • Size

    249KB

  • Sample

    210415-nks94tqah6

  • MD5

    6099fd6bb0b51b4eaeb02f7169a2b072

  • SHA1

    179e6c3a18f9ead886f22c0df2b383e9161662dd

  • SHA256

    89b7f39fb7a0c7742e90a19bd5c6bbae275b48b6de9f0a1e120ba5b6615263ab

  • SHA512

    e2ba30f2ea42cc1985c87887bb1bc2dd39e39243619c31df5194c36ab451740dd1e446717fd85b6c9419ba611224813f7dc40c37838131daf6a498c4585e8b68

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      Fattura.xlsb

    • Size

      249KB

    • MD5

      6099fd6bb0b51b4eaeb02f7169a2b072

    • SHA1

      179e6c3a18f9ead886f22c0df2b383e9161662dd

    • SHA256

      89b7f39fb7a0c7742e90a19bd5c6bbae275b48b6de9f0a1e120ba5b6615263ab

    • SHA512

      e2ba30f2ea42cc1985c87887bb1bc2dd39e39243619c31df5194c36ab451740dd1e446717fd85b6c9419ba611224813f7dc40c37838131daf6a498c4585e8b68

    Score
    10/10
    • Nloader

      Simple loader that includes the keyword 'campo' in the URL used to download other families.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Nloader Payload

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks