Resubmissions

  • 03-05-2021 02:35: 210503-jagf2d2b76 (score 10)
  • 02-05-2021 00:58: 210502-sd8lb2gep2 (score 10)

General

  • Target: 隧ウ邏ー諠・ア.xlsb
  • Size: 327KB
  • Sample: 210503-jagf2d2b76
  • MD5: e88b03763c5090769c37e24b58c4b987
  • SHA1: 7bb0453fb4e4b5333fcd78df541ae9a3bd86105d
  • SHA256: d51711eecb03950944b65626423e1b36ff93d4852a715f25051cb683a16ff34d
  • SHA512: f5ee7ade598a78178eba571c9807f3d835171f4ff9bec2e25d7ab82644279a7b3353d79182aebb243376c6f8b7c30e7d14ab1dc27aaa2decb9580a964ae7557c

Malware Config

Extracted

  • Language: xlm4.0
  • Source:

Targets

    • Target: 隧ウ邏ー諠・ア.xlsb (327KB; MD5, SHA1, SHA256 and SHA512 as listed under General)

    Score: 10/10
    • Nloader

      Simple loader that includes the keyword 'campo' in the URL used to download other families.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with ACProtect software.

    • Nloader Payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                      Count  ID
  Defense Evasion  Modify Registry                1      T1112
  Discovery        Query Registry                 2      T1012
  Discovery        System Information Discovery   2      T1082

Tasks