General
-
Target
Fattura.xlsb.zip
-
Size
217KB
-
Sample
210416-3nl2fmv8jj
-
MD5
3c1618e3e28413ab1e997751ee829d41
-
SHA1
c8374db9400c87c2d17fc3177c56afaa898b04e3
-
SHA256
6c229ae1e0497a93bdc1655fed580e13fc94b300133de8f423984efbe0bc1138
-
SHA512
e1d3a9f07930ae1be42d5bd84f0a89ab5d9dd008f3128976ee9b5268900d7e96f7b2571e91fdd71605517b0222ee0cb3fa24a46ba0cbb2ec60894f7345171ac8
Malware Config
Extracted
Targets
-
-
Target
Fattura.xlsb
-
Size
249KB
-
MD5
cfb756f36616e64f4da99dce90b25661
-
SHA1
00f48058178e506ad535f7f5c00b632c41ba4b8f
-
SHA256
051770ec73c6bb36b839af3fcdc2e28e14f8e8c24f77f89bdc034c19f05516ed
-
SHA512
fce764ec2d370a3709af0a2a8e1eca125e175e3c14849362a9d301b13f631a44d3dbb2289d1cb224f1357aeaa0da42b0d6c54c544d7c226ca6b9d6f5d6a0a9e6
Score10/10-
Nloader
Simple loader that includes the keyword 'campo' in the URL used to download other families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Nloader Payload
-
Loads dropped DLL
-