General

  • Target: subscription_1618592996.xlsb
  • Size: 269KB
  • Sample: 210416-b25s6zzsb2
  • MD5: e86b9229ec1b692dff17c074843d27da
  • SHA1: 61598ee67b6f4f5ac01a5f0752dfe3324d00c66f
  • SHA256: 6d6ff6f138defb2bb7602c08c1cb22930f5e30ef264eeaf760f99d4ca95beca7
  • SHA512: a8f9105ab7b360c492e0409d1d5b3912eba29fe2175036af676083a145f0a80b5924745d3b64b8ac82f499ac3c16df15c6650f30ea9bb006cca30931984e265b

Score
10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: (not recorded)

Targets

    • Target: subscription_1618592996.xlsb (size and hashes as listed under General)

    Score
    10/10

    • Nloader

      Simple loader that includes the keyword 'campo' in the URL used to download other families.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Nloader Payload

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
    • Modify Registry (T1112): 1 occurrence
  • Discovery
    • Query Registry (T1012): 2 occurrences
    • System Information Discovery (T1082): 2 occurrences