General

  • Target

    12978037724d36b52fcae4b7d8ea65da75e7f38ed8b32ee144443f50717bf8f4.doc

  • Size

    195KB

  • Sample

    200717-2pecqrl8ga

  • MD5

    dbde50b0484d69ff102d5d2a152b3a06

  • SHA1

    c830f7fd2004c2fbe164cf549af471a1d73f2ffd

  • SHA256

    12978037724d36b52fcae4b7d8ea65da75e7f38ed8b32ee144443f50717bf8f4

  • SHA512

    19ae753a9eee8efba2b4ec98c90258cb9789f1f4c6054651778e5d7737e985ef8aa7e6cc7fbac6abc3da148788a90545698735a2aa9b2e059ea47d9c713f9027

Score
10/10

Malware Config

Extracted

Language: ps1
Source
URLs

  • exe.dropper: https://www.elseelektrikci.com/wp-content/hedk3/

  • exe.dropper: https://www.rviradeals.com/wp-includes/LeDR/

  • exe.dropper: https://skenglish.com/wp-admin/o0gf/

  • exe.dropper: https://www.packersmoversmohali.com/wp-includes/pgmt4x/

  • exe.dropper: https://www.tri-comma.com/wp-admin/MmD/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request
