General

  • Target

    a1acf41bbfa306e03a1d1af2691e772ceb60123ce7ec7b2f45e25d4adbaca9bf.xls

  • Size

    95KB

  • Sample

    220707-dml2dseea3

  • MD5

    93053bdf6169e85996cbb4f1914343b3

  • SHA1

    9ba16382a40831e627fd3175af6eaa833ab6f16f

  • SHA256

    a1acf41bbfa306e03a1d1af2691e772ceb60123ce7ec7b2f45e25d4adbaca9bf

  • SHA512

    350967e6aea6a3b74366874d5b5362b2064620b014784475503631b6bd86dea04f98516f5b4d82a467283cf5ead5d562d0191600dcee069fa967c7537acfcc13

  • Score

    10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper: https://edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/

    xlm40.dropper: http://earthmach.co.za/libraries/tWkZh9YrXbTd6IeX/

    xlm40.dropper: http://finvest.rs/wp-admin/Hr9nVNTIHgw59S/

    xlm40.dropper: http://efverstedt.se/5jjaV/w7fLEHJ20xn0qD/

Targets

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    T1012 Query Registry (2)

    T1082 System Information Discovery (2)

Tasks