Overview

overview

10

Static

static

8

emotet_doc

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a868527d34ede7cceb1ab715e7204f12a4911f64975ff7bdfe32d53f3864a99a.doc

  • Size

    170KB

  • Sample

    200729-64k553a1k2

  • MD5

    19797fd98612fa200a0940ad7db06dd1

  • SHA1

    69c2697f949bb89e03fb1aebfca02dc7951c9dd9

  • SHA256

    a868527d34ede7cceb1ab715e7204f12a4911f64975ff7bdfe32d53f3864a99a

  • SHA512

    2a6e019e7d20e65e4967fab44211e406444b4849644e2ce275e6c96b11c8878f8de205ff41c57898a20565c943c2f51446abf8684734bae72feb879ed34a8119

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://meuambientedecoracoes.com.br/update/ux5_iq061_x7f/
exe.dropper

http://dogbluemedia.com/dbm-salon/1g_9s_98t0/
exe.dropper

http://enhancementtechnology.co.uk/wp-includes/w0r_c6_zy8an/
exe.dropper

https://firstaid-redliv.dk/wp-content/c_zjmm_0p7xzukpo9/
exe.dropper

http://firman.com.au/fq_cze_gakl53z/

Targets

    • Target

      a868527d34ede7cceb1ab715e7204f12a4911f64975ff7bdfe32d53f3864a99a.doc

    • Size

      170KB

    • MD5

      19797fd98612fa200a0940ad7db06dd1

    • SHA1

      69c2697f949bb89e03fb1aebfca02dc7951c9dd9

    • SHA256

      a868527d34ede7cceb1ab715e7204f12a4911f64975ff7bdfe32d53f3864a99a

    • SHA512

      2a6e019e7d20e65e4967fab44211e406444b4849644e2ce275e6c96b11c8878f8de205ff41c57898a20565c943c2f51446abf8684734bae72feb879ed34a8119

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix

Tasks