General

  • Target

    9bc017958890fd2e59a44c33e3a3d39775e6657b5a329d57f5e5399023846a64.doc

  • Size

    139KB

  • Sample

    200315-bnqbh3mehn

  • MD5

    9c3c3b387ee4c6e799e78f0f469d91da

  • SHA1

    8ad1284839d45414ef258aa1005b53886d2a942f

  • SHA256

    9bc017958890fd2e59a44c33e3a3d39775e6657b5a329d57f5e5399023846a64

  • SHA512

    7e1dbadc2de68b0df0a57edadf00827bd278cb9f7c1df56a258df012493c178a5e5b5cfba288ed5214642a6805ed8599a81efde914fcde07e7204b314631367d

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://www.funtelo.com/58S1xJ09

exe.dropper

http://www.shout4music.com/Kkt4CUPvX2

exe.dropper

http://advustech.com/l5EcamTDy

exe.dropper

http://www.ceeetwh.org/UZwh7EIWD6

exe.dropper

http://www.gmlsoftware.com/itTZIne5M

Targets

    • Target

      9bc017958890fd2e59a44c33e3a3d39775e6657b5a329d57f5e5399023846a64.doc

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request
