General
-
Target
subscription_1615866472.xlsb.zip
-
Size
270KB
-
Sample
210513-w25yacmfrn
-
MD5
7a10f48296bf11be5e4002eeadb2d348
-
SHA1
e65644b94c427a6d8cc9d8691d7a9ce7096e34f2
-
SHA256
3fbe10e0cd5ce03f9783b908b0706d66253ff1e30dd77f6435ed360a43c69e4d
-
SHA512
bfa3dc6f8799edcb426c36901927a406ab8eb5bd7626002e70e208673f8f690de07e129790bc8fc42e6994b8ac9ef8268e66df53f73378cad256e0409be94430
Malware Config
Extracted
Targets
-
-
Target
subscription_1615866472.xlsb
-
Size
279KB
-
MD5
07571645cfa9005361c68f1d84975550
-
SHA1
b9020bd1ae5f35489a288f2e5aa7c068e08d540d
-
SHA256
ee9ba17fb42f85ed79f5a9f15673327579538de8eb268ea134b97bff3f54c44c
-
SHA512
3345b205c17240f5d11265491de01530e99ae37b4d7f3ae482bd09f23e184bba5c109b027dc56fa3b8ff331eca999b69571cf2fba1adb39ddcee64fd55f30fe7
Score10/10-
Nloader
Simple loader that includes the keyword 'campo' in the URL used to download other families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Nloader Payload
-
Blocklisted process makes network request
-
Loads dropped DLL
-