Overview

overview

10

Static

static

8

emotet_v6

windows10_x64

10

emotet_doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d4ab41fa48cb03ac55da7c05e857ea1b5a88a2b31cde074f3036f6129662a10f

  • Size

    113KB

  • Sample

    220111-thd3zsgdel

  • MD5

    d8ff65d5d73710d9ca0e52bd62e2fdc8

  • SHA1

    43ed27a13cd60ede549c9eb3f3be383474539f21

  • SHA256

    d4ab41fa48cb03ac55da7c05e857ea1b5a88a2b31cde074f3036f6129662a10f

  • SHA512

    11862cfb48268064f7cc292d377158f2b27fab93c41ce6bbcf37ab3ee99d042d8a7b39c7a59f0522315cb78369d3bdb8f5c20c8c3b90dfaa2b46836b2285873d

Score
10/10
macrosuricataxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://gaidov.bg/wp-includes/Ug/
xlm40.dropper

http://studiokrishnaproduction.com/wp-includes/3mJ/
xlm40.dropper

http://goodmarketinggroup.com/live_site/Y9cEk9QNlDUeg/

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://gaidov.bg/wp-includes/Ug/

Targets

    • Target

      d4ab41fa48cb03ac55da7c05e857ea1b5a88a2b31cde074f3036f6129662a10f

    • Size

      113KB

    • MD5

      d8ff65d5d73710d9ca0e52bd62e2fdc8

    • SHA1

      43ed27a13cd60ede549c9eb3f3be383474539f21

    • SHA256

      d4ab41fa48cb03ac55da7c05e857ea1b5a88a2b31cde074f3036f6129662a10f

    • SHA512

      11862cfb48268064f7cc292d377158f2b27fab93c41ce6bbcf37ab3ee99d042d8a7b39c7a59f0522315cb78369d3bdb8f5c20c8c3b90dfaa2b46836b2285873d

    Score
    10/10
    suricata

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

      suricata: ET MALWARE W32/Emotet CnC Beacon 3

      suricata

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks