Overview

overview

10

Static

static

8

emotet_v6

windows10-1703-x64

1

emotet_doc

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    801f13593959bf1d6d1a40eebe49ed579cf5ebc92d6ac6adc7516b5d1e087655.doc

  • Size

    267KB

  • Sample

    230321-3mae2afg41

  • MD5

    9d637146675b8bac3609bee390834f11

  • SHA1

    23118f74c14e3d76c6436168b79b513186cecd8b

  • SHA256

    801f13593959bf1d6d1a40eebe49ed579cf5ebc92d6ac6adc7516b5d1e087655

  • SHA512

    ebe51f0427ea841ba42aa71d522ef73938db1496dabd80dcd1bf32828fb1ddb0e49a546afb2bfcb50a00e2f741b4f4a5b09ba84b5d49fa3df308b9f013026314

  • SSDEEP

    3072:HSw3AZSJc+yRiJlGK13FZgJ37TGVdhCvcwoXjsr5kZcn5lvgNDDghUxvxwxSd:yo48HngAZgN7Tga09T4hn5m/PxvWY

Score
10/10
macromacro_on_action

Malware Config

Targets

    • Target

      801f13593959bf1d6d1a40eebe49ed579cf5ebc92d6ac6adc7516b5d1e087655.doc

    • Size

      267KB

    • MD5

      9d637146675b8bac3609bee390834f11

    • SHA1

      23118f74c14e3d76c6436168b79b513186cecd8b

    • SHA256

      801f13593959bf1d6d1a40eebe49ed579cf5ebc92d6ac6adc7516b5d1e087655

    • SHA512

      ebe51f0427ea841ba42aa71d522ef73938db1496dabd80dcd1bf32828fb1ddb0e49a546afb2bfcb50a00e2f741b4f4a5b09ba84b5d49fa3df308b9f013026314

    • SSDEEP

      3072:HSw3AZSJc+yRiJlGK13FZgJ37TGVdhCvcwoXjsr5kZcn5lvgNDDghUxvxwxSd:yo48HngAZgN7Tga09T4hn5m/PxvWY

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks