e83f6fa3b3608656bd6dbaeff724b5b67e78e3bd05150a9eb68086f2b5e2398c | Triage

Sharing

General

Target

emotet.xls.zip
Size

42KB
Sample

230127-mpjtgsac26
MD5

e857218c297c7bda9c6b74ec65367ceb
SHA1

ae114f70b16ec28fb5e5929c6b9ecb8ded7cbcd4
SHA256

e83f6fa3b3608656bd6dbaeff724b5b67e78e3bd05150a9eb68086f2b5e2398c
SHA512

d0e39ffa06588efea6a21e7e6b0d125cd5effaeb78c857fa205fb22c74f8a37e75603999cf90b77dcdeb4b8dc56267a5ebce62ae35dd589b4984e6f573e8953a
SSDEEP

768:/B5Gco2uGrHqVYCp0EbgmVYzP0sizPX/vVf7iqZGff8ZnPgWQ8SB6vUEdp:QWe9p0WTYzPXijXFiqIfqnIWIBeUEv

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://datie-tw.com/img/O8G0RDZj7MYCuJyPoP/

xlm40.dropper

http://sbm.xinmoshiwang.com/upload/VaOfWEb3pW76UO/

xlm40.dropper

https://copunupo.ac.zm/cgi-bin/WFFcGx/

xlm40.dropper

http://ly.yjlianyi.top/wp-admin/4cChao/

Targets

- Target
  
  87c3545310157886ea652afb97e0dfa9e7d09a6392663710091f20f53757da4a.xls
- Size
  
  91KB
- MD5
  
  eb6e88a5ea61dd9dde6e08f466051c52
- SHA1
  
  3e4b742d8e9829687c602de589629956d070393f
- SHA256
  
  87c3545310157886ea652afb97e0dfa9e7d09a6392663710091f20f53757da4a
- SHA512
  
  19681de8a7674b97a81c96cdadec6bb12e588a2e788ff30db39ef574818e189c701c49512bbc2f6156131f10742f7170a1912f1bae9b39f52ddfb71df183492c
- SSDEEP
  
  1536:vKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgHbCXuZH4gb4CEn9J4ZPX5:vKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgl
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2