Resubmissions

15-05-2021 06:30

210515-lxdxev1lpn 10

15-05-2021 06:01

210515-2knl4q95bs 10

General

  • Target

    test.xlsb

  • Size

    254KB

  • Sample

    210515-2knl4q95bs

  • MD5

    dc37192b5c4c8c4f94c73c18ce5e3829

  • SHA1

    0aa6bb11a11dade2269d90b2781ed0a517362012

  • SHA256

    db53f42e13d2685bd34dbc5c79fad637c9344e72e210ca05504420874e98c2a6

  • SHA512

    3e8b179d8521fb33a46eeeca74bbda7a4e8a32f47b6195b17d62664dd2e31716261a61a495857ed08dbbc001a9eab8adec7133921179eb3df66c53e18c586d9a

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      test.xlsb

    • Nloader

      Simple loader that includes the keyword 'campo' in the URL used to download other families.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Nloader Payload

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks