General

  • Target

    Documento.xls

  • Size

    40KB

  • Sample

    220512-lfbk3sbhb3

  • MD5

    bf1a84bcee85983c92040cc52a43dd17

  • SHA1

    eedb1bbdc50095d087ac9fd3eb0e4695217c6d0d

  • SHA256

    bcb53af88c2eb7a3e04c8874854a6c4fc0a2b9890ed39cc4bc9c1f7ef6380563

  • SHA512

    fab1981d877b6bbb041723e1d19b4c019413e447ba193b5bd1a2f0b59ad8cbfbf9e54e06b6fed407ac82f03bec84ca6ba5fa0aba5aa0d4cd792c1da4632eb860

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://www.itesmeitic.com/term/IFjx5ElE0ldr8wDDHjub/

Targets

    Score
    10/10
    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Downloads MZ/PE file

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2