General

  • Target: 070ff04b9114219b723258f78497332f09f7cc6cd3775f2d7b66eb6920da8c89.doc
  • Size: 235KB
  • Sample: 200213-eljtcvm3h6
  • MD5: 14268de9d52cfce166ebf8482e9d3934
  • SHA1: dfe2cabeb04434a6b82efe8c01f4ba49cbfeb34d
  • SHA256: 070ff04b9114219b723258f78497332f09f7cc6cd3775f2d7b66eb6920da8c89
  • SHA512: 9f656bb06b3a84c35266fab00514102da3e9cd76dcc832bfc74713625190ad5e5ff187c22fe2a3d0cae8d7cd47237c36bda784cfa828b50aa13afa4874b4aa57

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source
  • URLs (type exe.dropper; five download locations for the EXE payload):

      http://ta-behesht.ir/images/Provx00a/
      http://tatcogroup.ir/wp-admin/UC/
      http://tcpartner.ru/wp-includes/nr8/
      http://tepcian.utcc.ac.th/wp-admin/SquR/
      http://ourproductreview.in/pokjbg746ihrtr/a1kzwc/

Targets

  • Target: 070ff04b9114219b723258f78497332f09f7cc6cd3775f2d7b66eb6920da8c89.doc
  • Size: 235KB
  • MD5: 14268de9d52cfce166ebf8482e9d3934
  • SHA1: dfe2cabeb04434a6b82efe8c01f4ba49cbfeb34d
  • SHA256: 070ff04b9114219b723258f78497332f09f7cc6cd3775f2d7b66eb6920da8c89
  • SHA512: 9f656bb06b3a84c35266fab00514102da3e9cd76dcc832bfc74713625190ad5e5ff187c22fe2a3d0cae8d7cd47237c36bda784cfa828b50aa13afa4874b4aa57

  Score: 10/10

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails. This sample is the document stage: it launches the PowerShell dropper whose exe.dropper URLs are listed in the malware config above.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Drops file in System32 directory
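The dropper URLs in the malware config and the five behavioural signatures above map directly onto checks a detection engineer would write against endpoint telemetry. The Python below is an added example, not part of the Triage report or of the sample: it turns the extracted exe.dropper URL list into host indicators (with a defanged form for sharing), then runs the report's behaviours (Office host spawning a script interpreter, script host making a network request, contact with a dropper host, execution of a dropped EXE, file written under System32) over a constructed list of Sysmon-style events. The field names follow Sysmon Event IDs 1, 3 and 11; the event list itself, the image paths, the file names 455.exe and example.exe, and the user name admin are invented for illustration, since the report page does not show the sample's actual process tree or dropped file names.

```python
"""Added example (not from the Triage report): extracted dropper URLs as
indicators, plus the report's behavioural signatures over constructed
Sysmon-style events."""
from urllib.parse import urlsplit

# Dropper URLs exactly as extracted from the sample's ps1 config.
DROPPER_URLS = [
    "http://ta-behesht.ir/images/Provx00a/",
    "http://tatcogroup.ir/wp-admin/UC/",
    "http://tcpartner.ru/wp-includes/nr8/",
    "http://tepcian.utcc.ac.th/wp-admin/SquR/",
    "http://ourproductreview.in/pokjbg746ihrtr/a1kzwc/",
]

# Office hosts that have no business launching script interpreters.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Interpreters whose outbound traffic the report treats as "blacklisted".
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


def dropper_indicators(urls=DROPPER_URLS):
    """Map each dropper hostname to the URL paths seen for it."""
    hosts = {}
    for url in urls:
        parts = urlsplit(url)
        hosts.setdefault(parts.hostname.lower(), set()).add(parts.path)
    return hosts


def defang(url):
    """Render a URL so it cannot be clicked: hxxp://host[.]tld/path"""
    parts = urlsplit(url)
    host = parts.hostname.replace(".", "[.]")
    return f"hxx{parts.scheme[3:]}://{host}{parts.path}"


def image_name(path):
    """Lower-cased basename of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events, indicators):
    """Return (rule, detail) tuples, in event order, for the report's behaviours."""
    alerts = []
    dropped = set()  # files written by script hosts, i.e. candidate payloads
    for ev in events:
        img = image_name(ev["Image"])
        if ev["EventID"] == 11:  # FileCreate
            target = ev["TargetFilename"].lower()
            if img in SCRIPT_HOSTS:
                dropped.add(target)
            # A write under System32 by something not itself living there.
            if target.startswith(SYSTEM32) and not ev["Image"].lower().startswith(SYSTEM32):
                alerts.append(("drops_file_in_system32", ev["TargetFilename"]))
        elif ev["EventID"] == 1:  # ProcessCreate
            parent = image_name(ev["ParentImage"])
            if parent in OFFICE_PARENTS and img in SCRIPT_HOSTS:
                alerts.append(("unexpected_child_process", f"{parent} -> {img}"))
            if ev["Image"].lower() in dropped:
                alerts.append(("executes_dropped_exe", ev["Image"]))
        elif ev["EventID"] == 3:  # NetworkConnect
            host = ev.get("DestinationHostname", "").lower()
            if img in SCRIPT_HOSTS:
                alerts.append(("blacklisted_process_network", f"{img} -> {host}"))
            if host in indicators:
                alerts.append(("dropper_url_contacted", host))
    return alerts


# Constructed event stream (invented; the report does not show the real
# process tree or file names). Shape follows Sysmon event IDs 1, 3 and 11.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": PS},
    {"EventID": 3, "Image": PS, "DestinationHostname": "ta-behesht.ir", "DestinationPort": 80},
    {"EventID": 11, "Image": PS, "TargetFilename": r"C:\Users\admin\455.exe"},
    {"EventID": 1, "ParentImage": PS, "Image": r"C:\Users\admin\455.exe"},
    {"EventID": 11, "Image": r"C:\Users\admin\455.exe",
     "TargetFilename": r"C:\Windows\System32\example.exe"},
]

if __name__ == "__main__":
    for url in DROPPER_URLS:
        print(defang(url))
    for rule, detail in detect(SAMPLE_EVENTS, dropper_indicators()):
        print(f"{rule:30} {detail}")
```

The hostname match is deliberately loose (any contact with a dropper host, not only the exact path), because these are compromised WordPress sites and the path component rotates between campaigns while the host often stays abusable for days.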
