Overview

overview

10

Static

static

8

SlurpeeDOC

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    emotet_e2_ea21a75b3954d828b7a840979fb0998d7726faa8028f57af1cb53ac417955d5b_2021-01-22__175134400831._doc

  • Size

    174KB

  • Sample

    210122-3dla8wahpa

  • MD5

    1597e73b2a776551d93f52a29fafaeba

  • SHA1

    b74b11bfc458c1506aba5700f4fbd1f8ca91a980

  • SHA256

    ea21a75b3954d828b7a840979fb0998d7726faa8028f57af1cb53ac417955d5b

  • SHA512

    4be6f8674f4f244b4bb527983eb570a8bfb07e4d74ec08008929cef78dea73f7c4bf0aa3fa471942c51575ce530974d0f645d35df8fffe1fdd22a9f806a3159c

Score
10/10
macroransomwarexlm

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://coworkingplus.es/wp-admin/FxmME/
exe.dropper

http://silkonbusiness.matrixinfotechsolution.com/js/q26/
exe.dropper

https://bbjugueteria.com/s6kscx/Z/
exe.dropper

https://www.bimception.com/wp-admin/sHy5t/
exe.dropper

http://armakonarms.com/wp-includes/fz/
exe.dropper

http://alugrama.com.mx/t/2/
exe.dropper

http://homecass.com/wp-content/iF/

Targets

    • Target

      emotet_e2_ea21a75b3954d828b7a840979fb0998d7726faa8028f57af1cb53ac417955d5b_2021-01-22__175134400831._doc

    • Size

      174KB

    • MD5

      1597e73b2a776551d93f52a29fafaeba

    • SHA1

      b74b11bfc458c1506aba5700f4fbd1f8ca91a980

    • SHA256

      ea21a75b3954d828b7a840979fb0998d7726faa8028f57af1cb53ac417955d5b

    • SHA512

      4be6f8674f4f244b4bb527983eb570a8bfb07e4d74ec08008929cef78dea73f7c4bf0aa3fa471942c51575ce530974d0f645d35df8fffe1fdd22a9f806a3159c

    Score
    10/10
    ransomware

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks