Overview

overview

10

Static

static

8

emotet_v6

windows10_x64

10

emotet_doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4bd8c91634e67571e3d3ef12e97ec113895c366559309e1ed0cf9a18b196b787.xlsm

  • Size

    115KB

  • Sample

    220313-n51ydahaam

  • MD5

    2d0af5965ec7ba95979588b8567ad0b1

  • SHA1

    18f195c66fb5966a4e098e1f74fc047902c1989c

  • SHA256

    4bd8c91634e67571e3d3ef12e97ec113895c366559309e1ed0cf9a18b196b787

  • SHA512

    e5c29a1fbd6377eb60e22de3a9f651016105770c4e744b1dc77cb3ca04b87e2c9a69b672788656152b14fb8cf476c40ef849e69dd5f66d786effb6cc8da32b3a

Score
10/10
macroxlm

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://92.255.57.195/sec/se1.html

Targets

    • Target

      4bd8c91634e67571e3d3ef12e97ec113895c366559309e1ed0cf9a18b196b787.xlsm

    • Size

      115KB

    • MD5

      2d0af5965ec7ba95979588b8567ad0b1

    • SHA1

      18f195c66fb5966a4e098e1f74fc047902c1989c

    • SHA256

      4bd8c91634e67571e3d3ef12e97ec113895c366559309e1ed0cf9a18b196b787

    • SHA512

      e5c29a1fbd6377eb60e22de3a9f651016105770c4e744b1dc77cb3ca04b87e2c9a69b672788656152b14fb8cf476c40ef849e69dd5f66d786effb6cc8da32b3a

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks