General

  • Target

    fd2421a7b248b25f9ef723017b833446e02a24430c8e91b5fbb63978ca71374a

  • Size

    166KB

  • Sample

    210519-jq1vyn1v5j

  • MD5

    077da5520e50d65600da29688eab601b

  • SHA1

    772bbd4dbc5dfbdba9d59dbea13df618edf7d4d1

  • SHA256

    fd2421a7b248b25f9ef723017b833446e02a24430c8e91b5fbb63978ca71374a

  • SHA512

    794979b8bef0d83e3685c6fc0fb0e8ce27769437d9366cbcfa8336766972f5b938c92cce046ce57c59e1cfbc6adfa6c6760f970e3f1d18b4e64270714c3044d6

Score
10/10

Malware Config

Extracted

Language
ps1

Deobfuscated URLs (exe.dropper)

  • http://suidi.com/IdWaI
  • http://spprospekt.com.br/WCH
  • http://sportpony.ch/R1c
  • http://regenerationcongo.com/imiK6
  • http://procoach.jp/newfolde_r/Q8G8Tdg

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • An obfuscated cmd.exe command-line is typically used to evade detection.
