General

  • Target:  0855da5a6db49a1d2043493d292f3282845b92d4b1d4f6c55eea9026cfcda488.doc
  • Size:    87KB
  • Sample:  200315-nmalg8mgmx
  • MD5:     e416aa320c5070df1128c8d44872aeab
  • SHA1:    b2c6e3255697811c32bc7b461d161b9398e93a8f
  • SHA256:  0855da5a6db49a1d2043493d292f3282845b92d4b1d4f6c55eea9026cfcda488
  • SHA512:  8bd6ad269772e114766398c075312ac931c1fd1386887a1854336858bf0aa10fac3fd499b914e62027fd39fb40a0d8f6bd4f0fc73a1f9060e9fa78d79c269123

Malware Config

Extracted

  • Language:  ps1
  • Source URLs (each entry keyed as exe.dropper):

    Key          URL
    exe.dropper  http://freshnlaundry.com/MmU
    exe.dropper  http://bravewill.org/5VKAhr
    exe.dropper  http://ypsifest.com/xbrYo
    exe.dropper  http://nazarspot.com.tr/dTofA3
    exe.dropper  http://suicidepreventionportagecounty.org/J5

Targets

    • Target:  0855da5a6db49a1d2043493d292f3282845b92d4b1d4f6c55eea9026cfcda488.doc
    • Size:    87KB
    • MD5:     e416aa320c5070df1128c8d44872aeab
    • SHA1:    b2c6e3255697811c32bc7b461d161b9398e93a8f
    • SHA256:  0855da5a6db49a1d2043493d292f3282845b92d4b1d4f6c55eea9026cfcda488
    • SHA512:  8bd6ad269772e114766398c075312ac931c1fd1386887a1854336858bf0aa10fac3fd499b914e62027fd39fb40a0d8f6bd4f0fc73a1f9060e9fa78d79c269123

    Score: 10/10

    Signatures
    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blacklisted process makes network request
    • Modifies system certificate store
    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  Technique                 Count  ID
  Install Root Certificate  1      T1130
  Modify Registry           1      T1112

Tasks