General

  • Target

    46c3934b91b0a922daddfe46c9e3ba28c37503597d8922582a45f329b1743ae9.doc

  • Size

    267KB

  • Sample

    200206-jneqx61fcs

  • MD5

    142e9d16af024575bda55edf549f3346

  • SHA1

    83ec2436619371765a7a9fa7c9f4d2c87f3c5af2

  • SHA256

    46c3934b91b0a922daddfe46c9e3ba28c37503597d8922582a45f329b1743ae9

  • SHA512

    6983e37121e02e6268cf9238372fd5d7c84b48bbc05934d5a6c55200270e37e87dbf016ae2d28547becea3a6a44bf614a7ccffd87e4a53a0f059165ec43dc3ca

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    https://movin.cloud/backend_01/jkc4i-wnc01wbd0-43/
    https://ribrart.com/wordpress/TXfMotAUY/
    http://www.pureborn.com/modules/QLBlEB/
    http://phuongphamngulao.gov.vn/wp-content/VNWiFup/
    https://wwwzarawazircom.000webhostapp.com/wp-admin/39h9z-rc0w9qe8yg-52816598/

Targets


    • Emotet

      Emotet is a trojan that is primarily spread through spam emails

    • Process spawned unexpected child process

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Modifies system certificate store

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks