General

  • Target

    1fb47e6f82f631e677d6380ad07189b514c6783860b7a0785ad02f10f4622820.doc

  • Size

    170KB

  • Sample

    200731-g47edrdvaj

  • MD5

    0e806d6d7a4c5aa39bd197c2e20fd96f

  • SHA1

    b7b23da35d166b21071f4bcd3dd82a43ba32a75b

  • SHA256

    1fb47e6f82f631e677d6380ad07189b514c6783860b7a0785ad02f10f4622820

  • SHA512

    80b2501edd9d434cc0752e981da15c49cda8bbaeb0da80aa379c9774901bc504066918bdb3247b68e323f61de8101e48b33ae62fad16b94db58077d83bcc0fad

Score
10/10

Malware Config

Extracted

Language: ps1
Source: URLs

exe.dropper  http://pufferfiz.net/btrsports/3_qr_elsv8z8sb/
exe.dropper  http://rnetwork.com.br/administrator/itn1q_s_nhf/
exe.dropper  http://essoft.com/cgi-bin/bmkhn_v_pd5gahs8/
exe.dropper  http://dairyfocus.com.au/administrator/andxl/zvsg2_ijx_nd82wyrwn/
exe.dropper  http://kobes.net/cgi-bin/18i_56g1_o9cw7yj/
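The five extracted URLs are the actionable part of this report. The script below is an added example (not the page's or the sandbox's own code) showing how to turn that list into usable IOCs: distinct hosts for a block or sinkhole list, defanged URLs for safe sharing, and a matcher that runs the set over proxy log lines. The log lines and their field layout (timestamp, client, method, URL, status) are constructed for the example. The matcher distinguishes an exact path hit from a host-only hit, because the paths sit under otherwise ordinary-looking sites and a host-level block may have collateral.

```python
"""Handle the extracted exe.dropper URL list as IOCs.

Added example; not the page's or the sandbox's code. The proxy log lines
and their format (timestamp client method url status) are constructed.
"""
from urllib.parse import urlsplit

# The five URLs exactly as extracted from the sample's configuration.
DROPPER_URLS = [
    "http://pufferfiz.net/btrsports/3_qr_elsv8z8sb/",
    "http://rnetwork.com.br/administrator/itn1q_s_nhf/",
    "http://essoft.com/cgi-bin/bmkhn_v_pd5gahs8/",
    "http://dairyfocus.com.au/administrator/andxl/zvsg2_ijx_nd82wyrwn/",
    "http://kobes.net/cgi-bin/18i_56g1_o9cw7yj/",
]

# Constructed proxy log lines (not from the report) used to exercise the matcher.
SAMPLE_PROXY_LOG = [
    "2020-07-31T10:02:11Z 10.0.0.21 GET http://essoft.com/cgi-bin/bmkhn_v_pd5gahs8/ 200",
    "2020-07-31T10:02:12Z 10.0.0.21 GET http://ESSOFT.com/about/ 200",
    "2020-07-31T10:03:40Z 10.0.0.33 GET http://example.com/index.html 200",
    "2020-07-31T10:04:02Z 10.0.0.21 GET http://kobes.net/cgi-bin/18i_56g1_o9cw7yj 404",
]


def hosts(urls):
    """Distinct hostnames, sorted, for a host-level block or DNS sinkhole list."""
    return sorted({urlsplit(u).hostname.lower() for u in urls})


def defang(url):
    """Defang a URL for safe sharing: hxxp(s) scheme and [.] in the host only."""
    p = urlsplit(url)
    scheme = p.scheme.replace("http", "hxxp")
    host = p.hostname.replace(".", "[.]")
    if p.port:
        host = f"{host}:{p.port}"
    query = f"?{p.query}" if p.query else ""
    return f"{scheme}://{host}{p.path}{query}"


def normalise(url):
    """Canonical (host, path) so that case and a trailing slash do not defeat a match."""
    p = urlsplit(url)
    if not p.hostname:
        return None
    return (p.hostname.lower(), p.path.rstrip("/") or "/")


def match_proxy_log(lines, urls=DROPPER_URLS):
    """Return (line, level) for every log line that touches the IOC set.

    level is "url" for an exact host+path match and "host" for other traffic
    to one of the IOC hosts; host-only hits need review before being treated
    as malicious, since the hosts themselves may serve legitimate content.
    """
    exact = {normalise(u) for u in urls}
    ioc_hosts = {h for h, _ in exact}
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        key = normalise(fields[3])
        if key is None:
            continue
        if key in exact:
            hits.append((line, "url"))
        elif key[0] in ioc_hosts:
            hits.append((line, "host"))
    return hits


if __name__ == "__main__":
    print("hosts:", ", ".join(hosts(DROPPER_URLS)))
    for u in DROPPER_URLS:
        print("ioc:", defang(u))
    for line, level in match_proxy_log(SAMPLE_PROXY_LOG):
        print(f"[{level}] {line}")
```

Feed `match_proxy_log` the URL column of whatever proxy or DNS-over-HTTP log you have; the normalisation handles mixed-case hosts and a missing trailing slash, both of which appear in real logs when a downloader retries.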

Targets

    • Target

      1fb47e6f82f631e677d6380ad07189b514c6783860b7a0785ad02f10f4622820.doc

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • Drops file in System32 directory
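The first signature above is the one worth alerting on in an endpoint pipeline: an Office application spawning a scripting host or LOLBin is the observable behind "the parent process was compromised via an exploit or macro". The following is an added example of that detection logic, not the sandbox's own signature implementation. Events are constructed in a Sysmon-style ProcessCreate shape (ParentImage, Image, CommandLine); those field names are an assumption about the telemetry source. Severity is raised when the child's command line carries downloader features (encoded command, hidden window, download/IEX primitives), which is what a macro that fetches from a URL list like the one in this report would typically show.

```python
"""Detect an Office parent spawning a scripting or LOLBin child.

Added example, not the sandbox's signature code. Event field names follow a
Sysmon-style ProcessCreate record (an assumption); the events are constructed.
"""
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}
SUSPICIOUS_CHILDREN = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}
# Command-line features typical of a macro-launched PowerShell downloader.
DOWNLOADER_HINTS = re.compile(
    r"-enc|-e\s+[A-Za-z0-9+/=]{20,}|hidden|downloadstring|downloadfile"
    r"|invoke-webrequest|\biex\b|invoke-expression",
    re.IGNORECASE,
)

# Constructed events (not from the report) covering the cases the rule must separate.
SAMPLE_EVENTS = [
    {  # macro in an opened .doc launching an encoded, hidden PowerShell command
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell -w hidden -enco JABhAGIAYwA9ACcAeAAnAA==",
    },
    {  # the user opening Word from Explorer: normal, no alert
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "CommandLine": '"WINWORD.EXE" /n invoice.doc',
    },
    {  # cmd started from Explorer: not Office-spawned, ignored by this rule
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": "cmd.exe",
    },
    {  # Excel launching cmd with a plain command line: still an alert, lower severity
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": "cmd /c whoami",
    },
]


def basename(path):
    """Lower-cased file name from a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event):
    """Return an alert dict for an Office app spawning a suspicious child, else None."""
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    if parent not in OFFICE_PARENTS or child not in SUSPICIOUS_CHILDREN:
        return None
    cmd = event.get("CommandLine", "")
    hints = sorted({m.group(0).lower() for m in DOWNLOADER_HINTS.finditer(cmd)})
    return {
        "parent": parent,
        "child": child,
        "severity": "high" if hints else "medium",
        "hints": hints,
    }


def scan(events):
    """Run the rule over a stream of events and return the alerts in order."""
    return [a for a in (evaluate(e) for e in events) if a]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Match on the parent/child pair first and use the command line only to grade severity: encoded commands are trivially varied by the dropper, while an Office process spawning `powershell.exe` at all is rare enough in most fleets to be worth a ticket on its own.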
