General

  • Target

    emotet_e2_57b7b51bda5f296173d4b0d759d9eedfe6eefe1b4eb2b4b1f5f614a603e6a520_2021-01-12__220415638176._doc

  • Size

    157KB

  • Sample

    210112-5s38gc6lzs

  • MD5

    1a57442352881fb5da2d6e91e255e9a7

  • SHA1

    8b319330075c86ea0fdac21108ff50fa751afaf6

  • SHA256

    57b7b51bda5f296173d4b0d759d9eedfe6eefe1b4eb2b4b1f5f614a603e6a520

  • SHA512

    a624452785e6ca49a5a0bfc22a36650cbd2f73d50ac1423ad3c7de80e77a1d24958eef4b4b8d94b8ed7e29c148c1e0877ee3836f244e00ec29fb884aa7649394

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (all of type exe.dropper)

    https://remediis.com/t/gm2X/
    http://avadnansahin.com/wp-includes/w/
    http://solicon.us/allam-cycle-1c4gn/f5z/
    http://www.riparazioni-radiotv.com/softaculous/DZz/
    http://www.agricampeggiocortecomotto.it/wp-admin/s7p1/
    https://www.starlingtechs.com/GNM/
    http://hellas-darmstadt.de/cgi-bin/ZSoo/

Targets

    • Target

      emotet_e2_57b7b51bda5f296173d4b0d759d9eedfe6eefe1b4eb2b4b1f5f614a603e6a520_2021-01-12__220415638176._doc

    • Size

      157KB

    • MD5

      1a57442352881fb5da2d6e91e255e9a7

    • SHA1

      8b319330075c86ea0fdac21108ff50fa751afaf6

    • SHA256

      57b7b51bda5f296173d4b0d759d9eedfe6eefe1b4eb2b4b1f5f614a603e6a520

    • SHA512

      a624452785e6ca49a5a0bfc22a36650cbd2f73d50ac1423ad3c7de80e77a1d24958eef4b4b8d94b8ed7e29c148c1e0877ee3836f244e00ec29fb884aa7649394

    Score
    10/10

    Signatures

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6