General

  • Target

    e58cd1fc646d37b9fd8040d9f7f4110bb07cbdadb1f5dd4a55413acacd33807d

  • Size

    118KB

  • Sample

    220112-ej8awsbbfr

  • MD5

    0f2bd22e41ca408211f2fcfbf4d05645

  • SHA1

    e396920d9f3ddaa9c1c25325794dc1cc9d5d860f

  • SHA256

    e58cd1fc646d37b9fd8040d9f7f4110bb07cbdadb1f5dd4a55413acacd33807d

  • SHA512

    75de138b42573b73253ca721cc2727ffcf0e0ce4336866e8e952380b3749ec7064a65ae6984ecd0f3d00e8784f40a2e00fe00fd18b78a60b4b54e888aacdd3fb

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://www.cuneytkocas.com/wp-content/VSnofpES1wO2CcVob/
    http://towardsun.net/admin/BYGGkrYAnT/
    http://k-antiques.jp/wp-includes/SCYdA6TLohYk2/
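The three dropper URLs above are the most directly usable output of this report. The script below is an added example (not part of the sandbox report) that turns them into host/path indicators, defangs them for sharing, and matches them against proxy traffic. The proxy log lines, timestamps and client addresses in it are constructed for illustration; the log format (timestamp, client, method, URL, status) is an assumption.

```python
"""Turn the three extracted dropper URLs into indicators and match them
against proxy traffic.  Added example, not part of the sandbox report; the
proxy log lines below are constructed for illustration."""
from urllib.parse import urlparse

# Dropper URLs taken from the extracted config above.
DROPPER_URLS = [
    "http://www.cuneytkocas.com/wp-content/VSnofpES1wO2CcVob/",
    "http://towardsun.net/admin/BYGGkrYAnT/",
    "http://k-antiques.jp/wp-includes/SCYdA6TLohYk2/",
]

# Constructed proxy log: timestamp client method url status.  One request
# hits a dropper host on a different path to show the host-only case.
PROXY_LOG = """\
2022-01-01T00:00:01Z 10.0.3.17 GET http://towardsun.net/admin/BYGGkrYAnT/ 200
2022-01-01T00:00:03Z 10.0.3.17 GET http://www.cuneytkocas.com/wp-content/VSnofpES1wO2CcVob/ 404
2022-01-01T00:00:09Z 10.0.3.22 GET http://example.org/wp-includes/js/jquery.js 200
2022-01-01T00:00:12Z 10.0.3.22 GET http://towardsun.net/ 200
2022-01-01T00:00:40Z 10.0.3.17 GET http://K-Antiques.jp/wp-includes/SCYdA6TLohYk2/ 200
"""


def to_indicators(urls):
    """Return (host, path) pairs.  Hosts are lowercased because DNS names are
    case-insensitive; paths are kept exactly, since the random directory
    names are the distinctive part of these dropper URLs."""
    pairs = []
    for u in urls:
        p = urlparse(u)
        pairs.append((p.hostname.lower(), p.path))
    return pairs


def defang(url):
    """Defang a URL for sharing (hxxp://, [.] in the host) so that chat and
    ticketing tools do not turn it into a clickable or auto-fetched link."""
    p = urlparse(url)
    host = p.hostname.replace(".", "[.]")
    return f"{p.scheme.replace('http', 'hxxp')}://{host}{p.path}"


def match_proxy_log(log_text, indicators):
    """Return (client, url, exact) for every request to a dropper host.
    exact is True when the request path also starts with a known dropper
    path; a host-only hit is weaker but still worth a look, since a
    compromised site may be reused with new paths."""
    paths_by_host = {}
    for host, path in indicators:
        paths_by_host.setdefault(host, []).append(path)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[1], fields[3]
        p = urlparse(url)
        host = (p.hostname or "").lower()
        if host in paths_by_host:
            exact = any(p.path.startswith(x) for x in paths_by_host[host])
            hits.append((client, url, exact))
    return hits


if __name__ == "__main__":
    for u in DROPPER_URLS:
        print(defang(u))
    for client, url, exact in match_proxy_log(PROXY_LOG, to_indicators(DROPPER_URLS)):
        print(f"{client} -> {url} ({'exact' if exact else 'host only'})")
```

A 404 on a dropper URL is still a hit: the request proves the macro ran on that client, even if the payload had already been taken down.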

Targets

    • Target

      e58cd1fc646d37b9fd8040d9f7f4110bb07cbdadb1f5dd4a55413acacd33807d

    • Size

      118KB

    • MD5

      0f2bd22e41ca408211f2fcfbf4d05645

    • SHA1

      e396920d9f3ddaa9c1c25325794dc1cc9d5d860f

    • SHA256

      e58cd1fc646d37b9fd8040d9f7f4110bb07cbdadb1f5dd4a55413acacd33807d

    • SHA512

      75de138b42573b73253ca721cc2727ffcf0e0ce4336866e8e952380b3749ec7064a65ae6984ecd0f3d00e8784f40a2e00fe00fd18b78a60b4b54e888aacdd3fb

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory
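Two of the behavioural signatures in this list can be reproduced on host telemetry outside the sandbox. The script below is an added example, not the sandbox's own detection logic: it flags an Office parent spawning a child outside an expected baseline ("Process spawned unexpected child process") and checks whether a downloaded byte string is an MZ/PE file ("Downloads MZ/PE file"). The Sysmon-style events and the byte sample are constructed for illustration and are not records from this sample; the child-process baseline is an assumption to be tuned per fleet.

```python
"""Two of the behavioural signatures above, reimplemented as host-side checks:
an Office parent spawning an unexpected child, and an MZ/PE header check on
downloaded bytes.  Added example, not the sandbox's own logic; the events and
the byte sample below are constructed, not recorded from this sample."""
import json
import struct

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Children an Office process spawns in normal use (assumed baseline; tune
# it to your fleet, e.g. add your own add-ins or helper processes).
EXPECTED_CHILDREN = {"splwow64.exe", "werfault.exe"}

# Constructed Sysmon-style process creation events (one JSON object per line).
SYSMON_LINES = r"""
{"Image":"C:\\Windows\\System32\\regsvr32.exe","ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE","CommandLine":"regsvr32 /s C:\\Users\\u\\AppData\\Local\\Temp\\x.dll"}
{"Image":"C:\\Windows\\splwow64.exe","ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE","CommandLine":"splwow64.exe"}
{"Image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"EXCEL.EXE invoice.xls"}
{"Image":"C:\\Windows\\System32\\cmd.exe","ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","CommandLine":"cmd /c whoami"}
"""


def basename(path):
    """Last path component, lowercased, for either slash convention."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_events(text):
    """Parse one JSON event per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def unexpected_office_children(events):
    """'Process spawned unexpected child process': an Office application
    started something outside the expected baseline.  Returns
    (parent, child, command_line) tuples."""
    hits = []
    for ev in events:
        parent = basename(ev.get("ParentImage", ""))
        child = basename(ev.get("Image", ""))
        if parent in OFFICE_PARENTS and child not in EXPECTED_CHILDREN:
            hits.append((parent, child, ev.get("CommandLine", "")))
    return hits


def is_pe(data):
    """'Downloads MZ/PE file': True when data carries a DOS header whose
    e_lfanew field (offset 0x3C) points at a 'PE\\0\\0' signature.  Checking
    both avoids flagging random data that merely begins with 'MZ'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def minimal_pe_bytes():
    """Constructed byte string with just enough structure to pass is_pe();
    it is not a loadable executable."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)        # 0x40-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x80)      # e_lfanew -> 0x80
    return bytes(hdr) + b"\0" * 0x40 + b"PE\0\0" + b"\0" * 20


if __name__ == "__main__":
    for parent, child, cmd in unexpected_office_children(parse_events(SYSMON_LINES)):
        print(f"{parent} -> {child}: {cmd}")
    print("pe:", is_pe(minimal_pe_bytes()), "html:", is_pe(b"<html>"))
```

The parent/child rule is deliberately an allowlist rather than a list of known-bad children: a macro can launch almost any signed binary, so enumerating the few children Office legitimately spawns is the more durable check.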

MITRE ATT&CK Enterprise v6

Tasks