Overview

overview

10

Static

static

8

emotet_doc2

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    14ab848a21e4370cbecb5bce9b9233d37aa0d9a02dd7e3aa32fb1ccdf052b07c

  • Size

    82KB

  • Sample

    201111-rgg37q671j

  • MD5

    d8cf142293ff0dda1cc5bc5d40804b97

  • SHA1

    beacebcca4ba412437b0c6f3c35ec63d0d90b3bd

  • SHA256

    14ab848a21e4370cbecb5bce9b9233d37aa0d9a02dd7e3aa32fb1ccdf052b07c

  • SHA512

    a2bd79e9ea9760402536d20bf18e64486e54450fd0b9ce0d99ee26000acfd2abcfa1197de2ddc0cd352a8d4c8095e9604d713c55f6bb78cccf320faacf1b9ca8

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://www.lt3.com.br/4P
exe.dropper

http://licanten.tk/Tgpc38X
exe.dropper

http://www.cainfirley.com/xzd8um
exe.dropper

http://www.kanarya.com.tr/SU
exe.dropper

http://www.goldschmittestans.ch/wtqNM

Targets

    • Target

      14ab848a21e4370cbecb5bce9b9233d37aa0d9a02dd7e3aa32fb1ccdf052b07c

    • Size

      82KB

    • MD5

      d8cf142293ff0dda1cc5bc5d40804b97

    • SHA1

      beacebcca4ba412437b0c6f3c35ec63d0d90b3bd

    • SHA256

      14ab848a21e4370cbecb5bce9b9233d37aa0d9a02dd7e3aa32fb1ccdf052b07c

    • SHA512

      a2bd79e9ea9760402536d20bf18e64486e54450fd0b9ce0d99ee26000acfd2abcfa1197de2ddc0cd352a8d4c8095e9604d713c55f6bb78cccf320faacf1b9ca8

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks