General

  • Target: 8e8824a855908e301cb873fe67e37eb4af99b32f75fb1ea8997af913540ece02
  • Size: 83KB
  • Sample: 220113-h3b9cagdc2
  • MD5: b5aec92918e1bfc009b1755d915bd2d3
  • SHA1: df4e9cebca1868eabb7efd97b8b9874a737711a2
  • SHA256: 8e8824a855908e301cb873fe67e37eb4af99b32f75fb1ea8997af913540ece02
  • SHA512: 9bb8cb30ffb93056fbf4d2b24e0b66a3b4f57dbd4d25b39203bb945055385d596cfcc53ec07d7af0e9daeed972c577755ba63674b85baf4b01c8a182dd418388

Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs:
    https://digitalcardsbychivami.xyz/includes/KrPj/
    http://demo.avionxpress.com/assets/XqQrGSKq8TrVj/
    http://swipermachinereview.xyz/wp-includes/t3Ow4KF0p0Q8oo/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory
