General

  • Target: 7b2217eabe518a8d069b89bc057a59124420e7895ca2b20cfc342f227c6005f4
  • Size: 157KB
  • Sample: 201020-ktlbpk2npn
  • MD5: ef034fe6bd02a5337415718d6e2ed3bb
  • SHA1: dd2af3992733ddc32943cbe2191651f98166cdb9
  • SHA256: 7b2217eabe518a8d069b89bc057a59124420e7895ca2b20cfc342f227c6005f4
  • SHA512: ec59dd867b5f862ee7b56937334390b8fee9fe1a9fdbc65f2a632b7d862fe9c082c774a3c09c0590f7772754eddea781e8adc2ca9b520bc1b65cbe5a43402246

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated URLs: 8 URLs of type exe.dropper
Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Drops file in System32 directory