Overview

overview

10

Static

static

8

2022-05-12_0820.xls

windows7_x64

10

2022-05-12_0820.xls

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2022-05-12_0820.zip

  • Size

    14KB

  • Sample

    220511-3czl6sfdfn

  • MD5

    debdea653f1c7c4cdc24169cdaa8a7e2

  • SHA1

    7e5520e7dfdb0eccee0208a1a7a612dbcf771403

  • SHA256

    dfba343b9db8b37a291e523a35a24775b76ff303680a742354546fba19f27339

  • SHA512

    2da74921937559fb2a68179de5b94512af10908f0ea3448b078f880076fc9d9f670985dac0c3fc78e2d9956606a00883f053501a09c034453e9cb7cf225d3bf4

Score
10/10
emotetbankermacrosuricatatrojanxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://easiercommunications.com/wp-content/w/

Targets

    • Target

      2022-05-12_0820.xls

    • Size

      40KB

    • MD5

      af4ca8ee9e837d482082a9bf780211ab

    • SHA1

      8ec12d0c46935cdf80200ad0999651e0bca95c53

    • SHA256

      9e1acdd26e2ea35a6c1aca2b8bbe062b0ebbbb72cb1f97976f1717f056290b1a

    • SHA512

      9fb0ca0d34126b9b5669311836305a273caa0dbd388e1e3d03d5c3fe50304c1062ffcc6b0372ebf45a556f837482795ae4795d34803dfab0fc8c7d8fda7d2619

    Score
    10/10
    emotetbankersuricatatrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

      suricata: ET MALWARE W32/Emotet CnC Beacon 3

      suricata

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks