General

  • Target: subscription_1618608166.xlsb
  • Size: 269KB
  • Sample: 210513-lr6c569e7s
  • MD5: 0565d0498becf85051e0d80b65f87a54
  • SHA1: db53dda3a6954348adb45009c97ade36a1ff3de3
  • SHA256: 01fe11c86a69bca1d91f1d6f3aa776bd7871c57973e6f98915f60dd514ddd913
  • SHA512: 7a1c24042ffd4df0ce831b36b91780b6fc3b523e0960ac865edb5c14a37378ab15bd1dee4144f4ba66796eb0cdb2a21ebc907de1e2d3c2ed538b8925c30472e5

Score
10/10

Malware Config

Extracted

Language: xlm4.0 (Excel 4.0 XLM macro)
Source:
Targets

    • Target: subscription_1618608166.xlsb
    • Size: 269KB
    • MD5: 0565d0498becf85051e0d80b65f87a54
    • SHA1: db53dda3a6954348adb45009c97ade36a1ff3de3
    • SHA256: 01fe11c86a69bca1d91f1d6f3aa776bd7871c57973e6f98915f60dd514ddd913
    • SHA512: 7a1c24042ffd4df0ce831b36b91780b6fc3b523e0960ac865edb5c14a37378ab15bd1dee4144f4ba66796eb0cdb2a21ebc907de1e2d3c2ed538b8925c30472e5

    Score
    10/10

    Signatures

    • Nloader

      Simple loader that includes the keyword 'campo' in the URL used to download other families.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Nloader Payload

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic           Technique                     ID     Count
Defense Evasion  Modify Registry               T1112  1
Discovery        Query Registry                T1012  2
Discovery        System Information Discovery  T1082  2

Tasks