General

  • Target

    26de80e3bbbe1f053da4131ca7a405644b7443356ec97d48517f1ab86d5f1ca5

  • Size

    203KB

  • Sample

    240919-zjxjlszenm

  • MD5

    3f27a3e06a8dbeb16ecf0dde173d1924

  • SHA1

    a1a679288523857f1d304a7d4ce08f2c3cfc9a37

  • SHA256

    26de80e3bbbe1f053da4131ca7a405644b7443356ec97d48517f1ab86d5f1ca5

  • SHA512

    923b28f1acf8cac626f683bc98e116ed304b6b8f5e4f38026d955dda3a91829a73d7fcc45c6be19908fb07dc2d173b30e6b2721d14cb58f0271aa3328f557dad

  • SSDEEP

    6144:P8AO4pC8pN7tpTBOI+VHSfXTWMfHaR5f:0AO16ZPTWM/aR

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (exe.dropper)

    http://krems-bedachungen.de/fyKDV/

    http://4glory.net/btKzNVlg/

    http://angelabphotography.com/4hR1e/

    http://dekormc.pl/js/ncrILdi/

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

MITRE ATT&CK Enterprise v15