General

  • Target

    2a43f2180ac8723fc79222c637ad6743128611c7c89843cec720bd884dd1b72f

  • Size

    83KB

  • Sample

    220111-17cpsahheq

  • MD5

    d7422d7a6d95d052bacbd0b526938aee

  • SHA1

    4845c7978ce1144b321084ca896f7b7bfb4654f2

  • SHA256

    2a43f2180ac8723fc79222c637ad6743128611c7c89843cec720bd884dd1b72f

  • SHA512

    4725afcffbd7ffef4b7e2a3d063943cac16ca32d24c70eab513ee83ecaed4bbad40354f521aa05d8cea1dbf332bc11f5302431ce0f9f0c644e2eb022e1d3bb90

Score
10/10

Malware Config

  • Extracted

    Language: xlm4.0

    Source          URLs
    xlm40.dropper   http://www.be-pu.com/4.hana/Y1XWpb1zWMRD/
    xlm40.dropper   https://josephinebaba.com/licenses/7Doxdg/
    xlm40.dropper   http://bestwifirouterreview.xyz/wp-includes/css/uyC/

  • Extracted

    Language: xlm4.0

    Source          URLs
    xlm40.dropper   http://www.be-pu.com/4.hana/Y1XWpb1zWMRD/

Targets

    • Target

      2a43f2180ac8723fc79222c637ad6743128611c7c89843cec720bd884dd1b72f

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory
