Overview

overview

10

Static

static

8

emotet_e2_...oc.doc

windows7_x64

10

emotet_e2_...oc.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    emotet_e2_5df4b703c5848bd3bf897faba1f1142e11c95e17e720a911ade33cdb275f3e0b_2021-01-12__195744664179._doc

  • Size

    158KB

  • Sample

    210112-dskeffj66s

  • MD5

    aed8593d224d3041b5bd0e465ae2b1f5

  • SHA1

    8f1728588225aa4af50e8a8a9580d5ee5fba96f5

  • SHA256

    5df4b703c5848bd3bf897faba1f1142e11c95e17e720a911ade33cdb275f3e0b

  • SHA512

    94d0b097f2840195263790a52e7097a093900016d605497e2b5bb567290912c73f9eecdf02af793ad7e95ce9dafab393027413a1d0eaeb56cab01b67d0bad8de

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://shulovbaazar.com/c/bcL6/
exe.dropper

https://mybusinessevent.com/tiki-install/e/
exe.dropper

http://uhk.cncranes.com/ErrorPages/3/
exe.dropper

https://capturetheaction.com.au/wp-includes/Yjp/
exe.dropper

https://thenetworker.ca/comment/8N4/
exe.dropper

https://trayonlinegh.com/cgi-bin/HBPR/
exe.dropper

http://mmo.martinpollock.co.uk/a/SQSGg/

Targets

    • Target

      emotet_e2_5df4b703c5848bd3bf897faba1f1142e11c95e17e720a911ade33cdb275f3e0b_2021-01-12__195744664179._doc

    • Size

      158KB

    • MD5

      aed8593d224d3041b5bd0e465ae2b1f5

    • SHA1

      8f1728588225aa4af50e8a8a9580d5ee5fba96f5

    • SHA256

      5df4b703c5848bd3bf897faba1f1142e11c95e17e720a911ade33cdb275f3e0b

    • SHA512

      94d0b097f2840195263790a52e7097a093900016d605497e2b5bb567290912c73f9eecdf02af793ad7e95ce9dafab393027413a1d0eaeb56cab01b67d0bad8de

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks