Overview

overview

10

Static

static

8

emotet_v6

windows10_x64

10

emotet_doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    35101e24e0d9b97edc46d35011a21e505ee4b05036998544ad3dad3444e09376

  • Size

    83KB

  • Sample

    220115-cdwc2accdj

  • MD5

    ff818ce9aa787f15cda72ec89a7efe74

  • SHA1

    f9f16f7ba8fde9898e685973e0e9293599442f28

  • SHA256

    35101e24e0d9b97edc46d35011a21e505ee4b05036998544ad3dad3444e09376

  • SHA512

    ad5ba5618fe7493da7061b06902ae408460aaae1544521e5b1db23d861cd787cb5c14e06a2d6dafac2b05aaab22b9e8850b0e5d312de54f535dbd082abefd80c

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://www.crownpacificpartners.com/guglio/Rt4el/
xlm40.dropper

http://nbp-c.com/ya/O0BO5vb3z1MkWcDOqV2/
xlm40.dropper

http://rjmtel.com/wp-content/bYAiTvGo635qKITG6/

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://www.crownpacificpartners.com/guglio/Rt4el/

Targets

    • Target

      35101e24e0d9b97edc46d35011a21e505ee4b05036998544ad3dad3444e09376

    • Size

      83KB

    • MD5

      ff818ce9aa787f15cda72ec89a7efe74

    • SHA1

      f9f16f7ba8fde9898e685973e0e9293599442f28

    • SHA256

      35101e24e0d9b97edc46d35011a21e505ee4b05036998544ad3dad3444e09376

    • SHA512

      ad5ba5618fe7493da7061b06902ae408460aaae1544521e5b1db23d861cd787cb5c14e06a2d6dafac2b05aaab22b9e8850b0e5d312de54f535dbd082abefd80c

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks