Overview

overview

10

Static

static

8

emotet_doc2

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    52e6f3c8301df68dd941f97db3340fa6afd58f7f3fc0b7ce6a57703806e9165a

  • Size

    98KB

  • Sample

    201108-5dtzar49gs

  • MD5

    8cb82a353ce10ff2a56850540fc92245

  • SHA1

    69e0bd64ac4d8be1e8e6af134c6fb19288d1e623

  • SHA256

    52e6f3c8301df68dd941f97db3340fa6afd58f7f3fc0b7ce6a57703806e9165a

  • SHA512

    b97c23f3352bdf99a18cca48993dc6809772e0cf9c846434bc1832268a71a451a9464653c39e89d506306719bddab1195d54cd05a1d1efda776af55754946773

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://tristanrineer.com/uDitL1
exe.dropper

http://techsistsolution.com/rmztD
exe.dropper

http://nightflight.jp/hGZWc
exe.dropper

http://aqualuna.jp/FBfN
exe.dropper

http://blackvomit.com.br/M

Targets

    • Target

      52e6f3c8301df68dd941f97db3340fa6afd58f7f3fc0b7ce6a57703806e9165a

    • Size

      98KB

    • MD5

      8cb82a353ce10ff2a56850540fc92245

    • SHA1

      69e0bd64ac4d8be1e8e6af134c6fb19288d1e623

    • SHA256

      52e6f3c8301df68dd941f97db3340fa6afd58f7f3fc0b7ce6a57703806e9165a

    • SHA512

      b97c23f3352bdf99a18cca48993dc6809772e0cf9c846434bc1832268a71a451a9464653c39e89d506306719bddab1195d54cd05a1d1efda776af55754946773

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks