General

  • Target

    152d0b25ca2f0f4066edf77906c112fe4e6d49c17f6fc35a039686276ad7686d

  • Size

    83KB

  • Sample

    220113-hqe5gagchn

  • MD5

    a4fd29ae977b18fae9b5d53d5b355bc3

  • SHA1

    6a2832d9d465160ab149f8a10c105e7fffb5b254

  • SHA256

    152d0b25ca2f0f4066edf77906c112fe4e6d49c17f6fc35a039686276ad7686d

  • SHA512

    dfcfc2f76c4583c85eb02a79cf23de52c6b6cd696636f422dee937799d10cb6d475aae19684f0ccb09612a9675e508bd30b209c8f3f90dd53c0920f755e23ec7

Score
10/10

Malware Config

  • Extracted

    Language: xlm4.0
    Source: xlm40.dropper
    URLs:
      http://mammy-chiro.com/case/ZTkBzbz/
      http://bluetoothheadsetreview.xyz/wp-includes/xmdHAGgfki/
      http://topline36.xyz/wp-includes/css/BB9Ajvjs89U9O/

  • Extracted

    Language: xlm4.0
    Source: xlm40.dropper
    URLs:
      http://mammy-chiro.com/case/ZTkBzbz/
      http://bluetoothheadsetreview.xyz/wp-includes/xmdHAGgfki/

Targets

    • Target

      152d0b25ca2f0f4066edf77906c112fe4e6d49c17f6fc35a039686276ad7686d

    • Size

      83KB

    • MD5

      a4fd29ae977b18fae9b5d53d5b355bc3

    • SHA1

      6a2832d9d465160ab149f8a10c105e7fffb5b254

    • SHA256

      152d0b25ca2f0f4066edf77906c112fe4e6d49c17f6fc35a039686276ad7686d

    • SHA512

      dfcfc2f76c4583c85eb02a79cf23de52c6b6cd696636f422dee937799d10cb6d475aae19684f0ccb09612a9675e508bd30b209c8f3f90dd53c0920f755e23ec7

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks