General

  • Target

    562.xls

  • Size

    217KB

  • Sample

    221103-vqmkrscge8

  • MD5

    c2e34731e0c5a3e75c35d7e6dcd5b14d

  • SHA1

    9ef72765312220c818544cae93a6602e06368521

  • SHA256

    885b6fbc0fc6c4047b764ecac7e7b3a30b10b203f186598ead1ad06492e94d6a

  • SHA512

    118b8779c8454b4543f816beb66a545b015388801e5c11c8c8bb518022d068bfb8bb7722fb6d3d6a524c2d1fb5b30a4a1c42fe3e3504bdb2ac244879116879eb

  • SSDEEP

    6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgIyY+TAQXTHGUMEyP5p6f5jQm7:bbGUMVWlb7

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://aprendeconmireia.com/images/wBu/

    http://updailymail.com/cgi-bin/gBYmfqRi2utIS2n/

    https://akuntansi.itny.ac.id/asset/9aVFvYeaSKOhGBSLx/

    http://swiftwebbox.com/cgi-bin/vNqoMtQilpysJYRwtGu/

Targets

    • Target

      562.xls

    Score
    10/10
    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Downloads MZ/PE file

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks