General

  • Target

    0311.xls

  • Size

    217KB

  • Sample

    221103-q8eknabaf3

  • MD5

    16932d45492cfac03e844dfb0f0b3827

  • SHA1

    2968cb1a0ea2b5d4121215033a16b048b01994a6

  • SHA256

    6a6b3087e607cb76ce671d1009ddb70bdea147c18bd9a44e6704158c6ecfa28a

  • SHA512

    df096f00a9bc414c778a26b6cef3fff1b3e68e75315ef23d509962cb42152e0678df9950d110f17ed3de715aaa17a28212c1c32e9eeb33695a81afed1e2a24cf

  • SSDEEP

    6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dg8yY+TAQXTHGUMEyP5p6f5jQm9:nbGUMVWlb9

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    URLs

  • xlm40.dropper

    http://kabaruntukrakyat.com/wp-content/B9oJ0jh/

  • xlm40.dropper

    http://coinkub.com/wp-content/WwrJvjumS/

  • xlm40.dropper

    https://aberractivity.hu/iqq/Dmtv/

  • xlm40.dropper

    https://anamafegarcia.es/css/HfFXMTXvc40t/

Targets

    • Target

      0311.xls

    • Size

      217KB

    • MD5

      16932d45492cfac03e844dfb0f0b3827

    • SHA1

      2968cb1a0ea2b5d4121215033a16b048b01994a6

    • SHA256

      6a6b3087e607cb76ce671d1009ddb70bdea147c18bd9a44e6704158c6ecfa28a

    • SHA512

      df096f00a9bc414c778a26b6cef3fff1b3e68e75315ef23d509962cb42152e0678df9950d110f17ed3de715aaa17a28212c1c32e9eeb33695a81afed1e2a24cf

    • SSDEEP

      6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dg8yY+TAQXTHGUMEyP5p6f5jQm9:nbGUMVWlb9

    • Score

      10/10

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Downloads MZ/PE file

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks