General

  • Target

    order_Z0012112202927225.xlsb

  • Size

    306KB

  • Sample

    210427-234w155gda

  • MD5

    7e00f1f0fabe5bf5404589000e61a9af

  • SHA1

    9429673fccc8b550a21ea9582c958f8772497b64

  • SHA256

    39d99432698540f5ea6b8acf77b2323e2cde143638694bbd726e161924885059

  • SHA512

    10faa2e7df209ae1f42be832b56af639769657068165b908e3d13a79c1df460c860b6a3fdfb4c0bb58e36f29104f21a3d218d568f88a1c895601e8a0319a6589

Malware Config

  • Extracted

    Language: xlm4.0
    Source:
Targets

    • Target

      order_Z0012112202927225.xlsb

    • Score

      10/10
    • Nloader

      Simple loader that includes the keyword 'campo' in the URL used to download other families.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Nloader Payload

    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112) ×1

  • Discovery

    Query Registry (T1012) ×2

    System Information Discovery (T1082) ×2

Tasks