Overview

overview

10

Static

static

8

emotet_v6

windows10_x64

10

emotet_doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6913af2de9271a92bd9c7c9afe4923a08f237459d7e1e03d171e96fa291e39ee

  • Size

    83KB

  • Sample

    220111-vxlxtagfhk

  • MD5

    2d4926a62674ed003b4f0c0539e5da34

  • SHA1

    1c8e7d26be6323a676314dc027241a2f78a2b1c2

  • SHA256

    6913af2de9271a92bd9c7c9afe4923a08f237459d7e1e03d171e96fa291e39ee

  • SHA512

    127529410f0c8b84364e7d0270c118e80a0fdf06fdd6c56963597f64904fe36f16794e6ebebb68bf29086c52656553d5f00b779983a0dd64559094538e677b50

Score
10/10
macrosuricataxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://unifiedpharma.com/wp-admin/ildi5K2aTIrdvEobQ/
xlm40.dropper

https://kauffmancreates.com/images/G8050LVq/
xlm40.dropper

https://sanagrafix.com/udll/fki4w1vFApT4Rwjp1R/

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://unifiedpharma.com/wp-admin/ildi5K2aTIrdvEobQ/

Targets

    • Target

      6913af2de9271a92bd9c7c9afe4923a08f237459d7e1e03d171e96fa291e39ee

    • Size

      83KB

    • MD5

      2d4926a62674ed003b4f0c0539e5da34

    • SHA1

      1c8e7d26be6323a676314dc027241a2f78a2b1c2

    • SHA256

      6913af2de9271a92bd9c7c9afe4923a08f237459d7e1e03d171e96fa291e39ee

    • SHA512

      127529410f0c8b84364e7d0270c118e80a0fdf06fdd6c56963597f64904fe36f16794e6ebebb68bf29086c52656553d5f00b779983a0dd64559094538e677b50

    Score
    10/10
    suricata

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

      suricata: ET MALWARE W32/Emotet CnC Beacon 3

      suricata

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks