General

  • Target

    b26329204d4a737b51b710c6fb4ca573291be87a1fb5606f0e0b75987c09908f

  • Size

    106KB

  • Sample

    220329-1tzmdsbgf6

  • MD5

    f560b93aa052b4eff9a8dab2b150fda2

  • SHA1

    386c9937d0819886e7bfed8af1c814bdc943fd7b

  • SHA256

    b26329204d4a737b51b710c6fb4ca573291be87a1fb5606f0e0b75987c09908f

  • SHA512

    f57488fba7dd54601a4930e4bf4a9158659d36d12d5dde2728b6e4c60a1cf422b9e03cb0b897dd5967cd8101c4ca0edffcdfc85946c9beefc8fdc2dc889d280b

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://dougveeder.com/cgi-bin/xJ91ZttGRioQ7IUL/

    https://e-fistik.com/ajax/PnA23/

    http://dsinformaticos.com/_private/f36Yl/

    http://dstny.net/cgi-bin/POqJKcxiIzRb/

    http://fakecity.net/cache/XtIzhyLEoLI7/

    http://fayeschmidt.com/cgi-bin/Q8pj6/

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://dougveeder.com/cgi-bin/xJ91ZttGRioQ7IUL/

Targets

    • Target

      b26329204d4a737b51b710c6fb4ca573291be87a1fb5606f0e0b75987c09908f

    • Size

      106KB

    • MD5

      f560b93aa052b4eff9a8dab2b150fda2

    • SHA1

      386c9937d0819886e7bfed8af1c814bdc943fd7b

    • SHA256

      b26329204d4a737b51b710c6fb4ca573291be87a1fb5606f0e0b75987c09908f

    • SHA512

      f57488fba7dd54601a4930e4bf4a9158659d36d12d5dde2728b6e4c60a1cf422b9e03cb0b897dd5967cd8101c4ca0edffcdfc85946c9beefc8fdc2dc889d280b

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6

Tasks