General

  • Target

    emotet_e2_5a17dee61b79152ce451f560a17603b291bd0934b4c0bdb69a3328fca8b36771_2021-01-21__043640117107._fpx

  • Size

    167KB

  • Sample

    210121-b6twm3rhnj

  • MD5

    a42f10c99c0ccb2e933eb807ec5643ba

  • SHA1

    fe7d41ff8630943ecda62b54fb8b632a56b8e316

  • SHA256

    5a17dee61b79152ce451f560a17603b291bd0934b4c0bdb69a3328fca8b36771

  • SHA512

    ea70c01ae1e987b80657659b84be3ad5f90b0f47a7c933c15edc4930f975129f686b6f7908d9293039c43913ea0234305aae850ec3fcaedb090f478cb5b71a45

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • System Information Discovery (T1082): 3

  • Query Registry (T1012): 2