Overview

overview

10

Static

static

8

emotet_v6

windows10_x64

10

emotet_doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4e8ce0cc50fd08d99f52b88b9ab52e256e657f01b66a5de5a525c35ad1effbf7

  • Size

    83KB

  • Sample

    220111-2vxpvsabbk

  • MD5

    92332bf878cb9442542c4231a6736305

  • SHA1

    c0f132710e37fb501474b343400b34baac407192

  • SHA256

    4e8ce0cc50fd08d99f52b88b9ab52e256e657f01b66a5de5a525c35ad1effbf7

  • SHA512

    ab9a77b8256b0e3cc1da19e122a5b43e53e08628cfd2f4e86cfe17e3c7ab387a1cf514243e47c47bae61a50c33000f8c5558fd664dbf48486cb7e99b1d68041d

Score
10/10
macrosuricataxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://www.be-pu.com/4.hana/Y1XWpb1zWMRD/
xlm40.dropper

https://josephinebaba.com/licenses/7Doxdg/
xlm40.dropper

http://bestwifirouterreview.xyz/wp-includes/css/uyC/

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://www.be-pu.com/4.hana/Y1XWpb1zWMRD/

Targets

    • Target

      4e8ce0cc50fd08d99f52b88b9ab52e256e657f01b66a5de5a525c35ad1effbf7

    • Size

      83KB

    • MD5

      92332bf878cb9442542c4231a6736305

    • SHA1

      c0f132710e37fb501474b343400b34baac407192

    • SHA256

      4e8ce0cc50fd08d99f52b88b9ab52e256e657f01b66a5de5a525c35ad1effbf7

    • SHA512

      ab9a77b8256b0e3cc1da19e122a5b43e53e08628cfd2f4e86cfe17e3c7ab387a1cf514243e47c47bae61a50c33000f8c5558fd664dbf48486cb7e99b1d68041d

    Score
    10/10
    suricata

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

      suricata: ET MALWARE W32/Emotet CnC Beacon 3

      suricata

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks