Overview

overview

10

Static

static

8

emotet_v6

windows10_x64

10

emotet_doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d22b1ed4ea99f7ad304a62fa6fa6755831c212f00508bd84b500904f99a1f766

  • Size

    83KB

  • Sample

    220112-cggdaaafa4

  • MD5

    81f096a1311f607e104703d7784dc901

  • SHA1

    e2c118a41b58aa29787d32c35048400f1bffd805

  • SHA256

    d22b1ed4ea99f7ad304a62fa6fa6755831c212f00508bd84b500904f99a1f766

  • SHA512

    bf7eb30e8997668ec9d19bd16c4a05c0e1352fd1de1699d18768e591fcf2d07a832b39c9d8addca66015bc117f97411fc53dc251bc090c1864239e150ae270e7

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://unifiedpharma.com/wp-admin/ildi5K2aTIrdvEobQ/
xlm40.dropper

https://kauffmancreates.com/images/G8050LVq/
xlm40.dropper

https://sanagrafix.com/udll/fki4w1vFApT4Rwjp1R/

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://unifiedpharma.com/wp-admin/ildi5K2aTIrdvEobQ/

Targets

    • Target

      d22b1ed4ea99f7ad304a62fa6fa6755831c212f00508bd84b500904f99a1f766

    • Size

      83KB

    • MD5

      81f096a1311f607e104703d7784dc901

    • SHA1

      e2c118a41b58aa29787d32c35048400f1bffd805

    • SHA256

      d22b1ed4ea99f7ad304a62fa6fa6755831c212f00508bd84b500904f99a1f766

    • SHA512

      bf7eb30e8997668ec9d19bd16c4a05c0e1352fd1de1699d18768e591fcf2d07a832b39c9d8addca66015bc117f97411fc53dc251bc090c1864239e150ae270e7

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks