Overview

overview

10

Static

static

8

subscripti...2.xlsb

windows7_x64

10

subscripti...2.xlsb

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    subscription_1615866472.xlsb.zip

  • Size

    270KB

  • Sample

    210513-w25yacmfrn

  • MD5

    7a10f48296bf11be5e4002eeadb2d348

  • SHA1

    e65644b94c427a6d8cc9d8691d7a9ce7096e34f2

  • SHA256

    3fbe10e0cd5ce03f9783b908b0706d66253ff1e30dd77f6435ed360a43c69e4d

  • SHA512

    bfa3dc6f8799edcb426c36901927a406ab8eb5bd7626002e70e208673f8f690de07e129790bc8fc42e6994b8ac9ef8268e66df53f73378cad256e0409be94430

Score
10/10
nloaderloadermacroxlm

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      subscription_1615866472.xlsb

    • Size

      279KB

    • MD5

      07571645cfa9005361c68f1d84975550

    • SHA1

      b9020bd1ae5f35489a288f2e5aa7c068e08d540d

    • SHA256

      ee9ba17fb42f85ed79f5a9f15673327579538de8eb268ea134b97bff3f54c44c

    • SHA512

      3345b205c17240f5d11265491de01530e99ae37b4d7f3ae482bd09f23e184bba5c109b027dc56fa3b8ff331eca999b69571cf2fba1adb39ddcee64fd55f30fe7

    Score
    10/10
    nloaderloader

    • Nloader

      Simple loader that includes the keyword 'campo' in the URL used to download other families.

      loadernloader

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Nloader Payload

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks