General

  • Target

    emotet_e3_6ee54d69a0e8ccf2cca705c15795de3abc6d4f9f5409608bc6d5e0fb1d061bf8_2020-09-19__111214834154._doc

  • Size

    230KB

  • Sample

    200919-ekdykf26ge

  • MD5

    17cf29535eef0d58cb4c61b8ee3f0d74

  • SHA1

    5251142656d8e06e9cebdf8d0b82ad36de79f45f

  • SHA256

    6ee54d69a0e8ccf2cca705c15795de3abc6d4f9f5409608bc6d5e0fb1d061bf8

  • SHA512

    210742d6ad882da5117023411284e69857f6c8c407ae29103cdc8fe78ed33b0f953d11d63bb9a7697cd2549fa79d868c25efe7667e50dfdfe6d9c6adcb0c7952

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    http://arsan.com.br/img_b2w/jstgflap98/
    http://koester-pb.de/cgi-bin/HoDIPqV/
    http://aragonmetal.com/_installation/LPMGMZroO/
    https://www.witdigi.com/wp-content/uploads/iBeE/
    http://yellowstonefitness.com/j5es7cx/QgLkys4ga64g228/

Targets

    • Target

      emotet_e3_6ee54d69a0e8ccf2cca705c15795de3abc6d4f9f5409608bc6d5e0fb1d061bf8_2020-09-19__111214834154._doc (size and hashes as listed under General above)

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry

    T1012 (2)

  • System Information Discovery

    T1082 (2)
