General

  • Target: 561f1541d1ce60dd8a10c61c54f99d83e67ed86b0f645a6e564a99baa08f56b3.xls
  • Size: 70KB
  • Sample: 220303-sazt2sdcbr
  • MD5: 74ef2589b372f105b31d69b352aec951
  • SHA1: 2f12a5d662ee51bf73e7ddc2e04c7c018f367e36
  • SHA256: 561f1541d1ce60dd8a10c61c54f99d83e67ed86b0f645a6e564a99baa08f56b3
  • SHA512: a5b2124f45034be6c2450a0623439fddf8251f431057ab004da9601f07f814ff6a5db6dbd74f09486ee5ed129a7c514effb999db0181161acaee856f529c7c4b

Score
10/10

Malware Config

Extracted

  • Language: hta
  • Source: hta.dropper
  • URLs: http://185.7.214.7/fer/fe2.html

Targets

    • Target: 561f1541d1ce60dd8a10c61c54f99d83e67ed86b0f645a6e564a99baa08f56b3.xls
    • Size: 70KB
    • MD5: 74ef2589b372f105b31d69b352aec951
    • SHA1: 2f12a5d662ee51bf73e7ddc2e04c7c018f367e36
    • SHA256: 561f1541d1ce60dd8a10c61c54f99d83e67ed86b0f645a6e564a99baa08f56b3
    • SHA512: a5b2124f45034be6c2450a0623439fddf8251f431057ab004da9601f07f814ff6a5db6dbd74f09486ee5ed129a7c514effb999db0181161acaee856f529c7c4b

    Score
    10/10

    Signatures

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v6

Tasks