General

  • Target: 8a0337f884939e07ffdda1c7ffeadaab_JaffaCakes118
  • Size: 104KB
  • Sample: 240601-k9wmnshd32
  • MD5: 8a0337f884939e07ffdda1c7ffeadaab
  • SHA1: fe4221509f5e037eedb6c58dc189cc46951dd38f
  • SHA256: 08aabba1a90632dd3dea39c93e4ee8362e000fa5df074b10c6c4d2e9fbab54d2
  • SHA512: 36a958c55f7dbd0d0f1e52a7a46b4a3dc5879ee893f97241c3b60408910eb1ac9c5d6b24e85ec13908cab20eb464bdf9afddc7b86b8bd32ace550b7e1d3e0db8
  • SSDEEP: 1536:qG4PeLNPQxRZEF1VI3KyV2FryJammLBttYvaOfb3fwsege0mZrDIi6CD3t1beb:/4ENURE/wI/3lNM3osege0mZre+beb

Score: 10/10

Malware Config

Extracted

Language: ps1

Deobfuscated URLs (exe.dropper):

  • http://nikitinskysport.ru/R5ytZ/
  • http://beauty-tea.com/hB2JAMO/
  • http://zekiatagur.com/gCWu/
  • http://arkonziv.com/Site7_Pixelhobbies/iV1PKqL/

Targets

    • Target: emotet_64.doc
    • Size: 180KB
    • MD5: 69b50cf495f52ceb5e3cbc26be0df1cb
    • SHA1: 3b3b8b489588b1ed21202e6f8fff3d15abbdd37a
    • SHA256: 74bac23bf452becf85cb38ee649a6c16dfa9f495455c2b5b873c47f0d71dbfd8
    • SHA512: 4c98c73ae91c396693d9594c1dc38afdddfc255ad4f7a07e9b5a00f4712575d4dcce141bc5efc9b5c0e172710449590c572d7bd34d47ea608b1d3f1a435cb54d
    • SSDEEP: 3072:C5083hrYbbYZD2zGT9nVBZRcQPh1gbrqy2o+AbfBcbD37fVbe8:CdhsbbYZD2KTFVBZ2Qqrqy26dwD37

    Score: 10/10

    Signatures:

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Obfuscated cmd.exe command-line

      An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15