General

  • Target

    bc987e7b5bd775460bdfe88b6b9147a2f88664361c4d0a332869ec51b19e2578

  • Size

    164KB

  • Sample

    201105-plx6ex7q7s

  • MD5

    274708206bf5c9740b99dd9eb0a71f7a

  • SHA1

    6f3933b653c85c6305d1451871950851a3e7a30f

  • SHA256

    bc987e7b5bd775460bdfe88b6b9147a2f88664361c4d0a332869ec51b19e2578

  • SHA512

    27b1e5da776ddfcb4fbbf4d7ec617b366cc3d4e8cd2b8649d69021e9c9ad6d8307ce7e047f39c1b9764cd6c53731f47bc4d7a18cfa555cd77189edaa737e087c

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://www.palmettoslidingdoorrepair.com/wp-admin/user/6C/

exe.dropper

http://iheartflix.com/wp-content/2SP/

exe.dropper

https://www.mqhealthcare.com/wp-content/GwV/

exe.dropper

http://oykadanismanlik.net/wp-admin/HVN/

exe.dropper

http://qc-isf.com/zaxyzgc/fLXk/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

MITRE ATT&CK Enterprise v6

Tasks