General

  • Target

    EmmaJardi.dotm.bin

  • Size

    34KB

  • Sample

    221031-gvnrqsacc8

  • MD5

    c00a7f100a22809771866cd56f82386c

  • SHA1

    d52604ceeff41f9df8510ab34358496e277b4c62

  • SHA256

    718e55af05f48101eac7fb07767dba56a26651f8ed14f1c88058e1902d3d9dd5

  • SHA512

    72fb1f2350c3d4bd9d259507f599b69f4370efaf0aebc36a909c97c0612baafa891c42fa2419795d4b914873fac0fe9488a9d2724414cdcf8640c0f2c44a6c15

  • SSDEEP

    768:T164UEv1YoktHZRzN9/WOSYRJy8bp5+3Bx3e:h64UEdYo459/Smy8bCBxu

Score
8/10

Malware Config

Targets

    • Target

      EmmaJardi.dotm.bin

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks