General

  • Target

    9ca0d78da6dffed5bfbd550359d07ba0584fabbb7e19be51072fffd1c8fb0666.doc

  • Size

    235KB

  • Sample

    200215-tsr7dgwftn

  • MD5

    0049f6d709ac742c1726cabb47e1e7ae

  • SHA1

    12bb7c27791ea126cc42992a4bfe7cd113b1b1f4

  • SHA256

    9ca0d78da6dffed5bfbd550359d07ba0584fabbb7e19be51072fffd1c8fb0666

  • SHA512

    e3433001eed747b9feb4d14be402c20ce1b2f81476c6d9c3fe121db248165251980655cae4ad60814122920fa677c0c571b69d38537cf01add1e1de2ef7c002b

Score
10/10

Malware Config

Extracted

Language
ps1

Source URLs

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Drops file in System32 directory
