General

  • Target

    4c26657af2c3d125e367f56a36faf49573f77c6a9af55143175ad81263569504

  • Size

    83KB

  • Sample

    220114-aj15csdda9

  • MD5

    7af5d5d483a8030e2f6a8bb74b7d0f44

  • SHA1

    75e2644fa41cb965a182fde157f78aee69a74a01

  • SHA256

    4c26657af2c3d125e367f56a36faf49573f77c6a9af55143175ad81263569504

  • SHA512

    f006236102582f2d47de79789aeb65dcde8dd363dd9c3f841a51740fe786031caf59ae06c63ea337d50e472c2145f8757156afbd60608a05f43d350cb39eec04

Score
10/10

Malware Config

  Extracted

    Language: xlm4.0
    Source:   xlm40.dropper
    URLs:
      http://adi.iswks.com/assets/hO1v71pqfNN/
      http://kopbhawan.com/mdphht/fwqEBVQlJXHayt/
      http://towardsun.net/admin/dcg3jSLkPuYsQ5xB/

  Extracted

    Language: xlm4.0
    Source:   xlm40.dropper
    URLs:
      http://adi.iswks.com/assets/hO1v71pqfNN/

Targets

    • Target

      4c26657af2c3d125e367f56a36faf49573f77c6a9af55143175ad81263569504

    • Size

      83KB

    • MD5

      7af5d5d483a8030e2f6a8bb74b7d0f44

    • SHA1

      75e2644fa41cb965a182fde157f78aee69a74a01

    • SHA256

      4c26657af2c3d125e367f56a36faf49573f77c6a9af55143175ad81263569504

    • SHA512

      f006236102582f2d47de79789aeb65dcde8dd363dd9c3f841a51740fe786031caf59ae06c63ea337d50e472c2145f8757156afbd60608a05f43d350cb39eec04

    Score
    10/10

    Signatures

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory
