Overview

overview

10

Static

static

8

1c2c9ed885...95.xls

windows7_x64

10

1c2c9ed885...95.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1c2c9ed8859bf774c091debcdb228795

  • Size

    118KB

  • Sample

    220111-tqsw4sgdhm

  • MD5

    1c2c9ed8859bf774c091debcdb228795

  • SHA1

    c4440f6be0a350228488ccc079783176d3383d04

  • SHA256

    7dcde20dd26c5388d734d658830ebb48bf5c1170cf9ec39a3e084d8e728715e8

  • SHA512

    a064ca499ae09cb45a8c590d88cb65fc7d38a2ca9bc7c53c7c8cc2f58a79e09480d2a51d3eac32941d9f2028dbba8274a58dfd04987de4417c2653d42ed8df79

Score
10/10
emotetbankermacrosuricatatrojanxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://wordpressdes.vanzolini-gte.org.br/fundacaotelefonica.org.br/gAbC4QpJYI/

Targets

    • Target

      1c2c9ed8859bf774c091debcdb228795

    • Size

      118KB

    • MD5

      1c2c9ed8859bf774c091debcdb228795

    • SHA1

      c4440f6be0a350228488ccc079783176d3383d04

    • SHA256

      7dcde20dd26c5388d734d658830ebb48bf5c1170cf9ec39a3e084d8e728715e8

    • SHA512

      a064ca499ae09cb45a8c590d88cb65fc7d38a2ca9bc7c53c7c8cc2f58a79e09480d2a51d3eac32941d9f2028dbba8274a58dfd04987de4417c2653d42ed8df79

    Score
    10/10
    emotetbankersuricatatrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

      suricata: ET MALWARE W32/Emotet CnC Beacon 3

      suricata

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks