General

  • Target

    9d3854a143ef21ea2f229b04928a70a0bb2f546162e2eae563243d867e00d1ce

  • Size

    65KB

  • Sample

    220117-136gasdah7

  • MD5

    d13888aa7ccb2000c133b0ca9a1bd653

  • SHA1

    a9e3e296c1b75aaee53f93f96d603107a9a6874c

  • SHA256

    9d3854a143ef21ea2f229b04928a70a0bb2f546162e2eae563243d867e00d1ce

  • SHA512

    209487538b7314b8f0051ced9bd8850c7dcb3f0e5302722fe799a725e067202959484d72613d1c307b2daba7c1db5ccab6cb781b23808ae92f116b0cc70981bd

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • URLs (source: hta.dropper)

    http://0xc12a24f5/cc.html

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (source: ps1.dropper)

    http://193.42.36.245/PP91.PNG

Targets

    • Target

      9d3854a143ef21ea2f229b04928a70a0bb2f546162e2eae563243d867e00d1ce

    • Size

      65KB

    • MD5

      d13888aa7ccb2000c133b0ca9a1bd653

    • SHA1

      a9e3e296c1b75aaee53f93f96d603107a9a6874c

    • SHA256

      9d3854a143ef21ea2f229b04928a70a0bb2f546162e2eae563243d867e00d1ce

    • SHA512

      209487538b7314b8f0051ced9bd8850c7dcb3f0e5302722fe799a725e067202959484d72613d1c307b2daba7c1db5ccab6cb781b23808ae92f116b0cc70981bd

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory
