emotet | bcc005b1fa0edebb17871c2d8df362422caab81970c484929bfd040e6042f58a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bcc005b1fa0edebb17871c2d8df362422caab81970c484929bfd040e6042f58a.xls
Size

217KB
Sample

221102-yhqh8sbda2
MD5

396f838fb9129a54f1ef878cc85fe3b4
SHA1

efca518dea7d902fc71422f87c17967d9fe8983b
SHA256

bcc005b1fa0edebb17871c2d8df362422caab81970c484929bfd040e6042f58a
SHA512

7de42455d89800238f16258d429d4966c834d1dd3d235e3568155d781a5333c7167e91808d720f73654fc650bd42756465a8c27bc94c53ce27d9a27bf76a388d
SSDEEP

6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgzyY+TAQXTHGUMEyP5p6f5jQm:WbGUMVWlb

Score

10^/10

emotet banker macro persistence trojan xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://atlantia.sca.org/php_fragments/D8Nwm2F80BL4s/

xlm40.dropper

https://amorecuidados.com.br/wp-admin/t3D/

xlm40.dropper

http://aibwireless.com/cgi-bin/zR2mG25Ssk8dH/

xlm40.dropper

http://thuybaohuy.com/wp-content/u3MJwXSP9tmiaTCyZD/

Targets

- Target
  
  bcc005b1fa0edebb17871c2d8df362422caab81970c484929bfd040e6042f58a.xls
- Size
  
  217KB
- MD5
  
  396f838fb9129a54f1ef878cc85fe3b4
- SHA1
  
  efca518dea7d902fc71422f87c17967d9fe8983b
- SHA256
  
  bcc005b1fa0edebb17871c2d8df362422caab81970c484929bfd040e6042f58a
- SHA512
  
  7de42455d89800238f16258d429d4966c834d1dd3d235e3568155d781a5333c7167e91808d720f73654fc650bd42756465a8c27bc94c53ce27d9a27bf76a388d
- SSDEEP
  
  6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgzyY+TAQXTHGUMEyP5p6f5jQm:WbGUMVWlb
Score

10^/10

emotet banker persistence trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

emotetbankerpersistencetrojan