General

  • Target

    50f04e399268abdf3e3686c956a3d8fe0b3dca393c350c8a4acbe5d819aa6fc2.doc

  • Size

    210KB

  • Sample

    200213-g9j2dsz23x

  • MD5

    6dea422353dc997a4d850f560d3e78e2

  • SHA1

    3f80cc67602701f0e5afc1601659dd2275cb92aa

  • SHA256

    50f04e399268abdf3e3686c956a3d8fe0b3dca393c350c8a4acbe5d819aa6fc2

  • SHA512

    5d40ddcea474d4cb6d5b98b113f59f8f393f0fe3a9fcd2655ba98fe97210c03a313643f08d5745aed981fdbec61c52a69bf0201eff1d1ffc156dd4c7b0171582

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://chanke.lixinyiyuan.com/wp-content/uploads/NpdQNm93/

exe.dropper

http://tinhdauvn.com/xc1dj/VD/

exe.dropper

http://www.vetibourse.com/logs/5wuD36572/

exe.dropper

http://www.tour2cn.com/29/nK5/

exe.dropper

http://izhline.net/logs/DvZ63/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Drops file in System32 directory
