General

  • Target

    792a7b8e75aa51f90c66ee711faf429dfe3220b038cc3725ee935083fcb60e0f

  • Size

    83KB

  • Sample

    220113-2jy4jsdadk

  • MD5

    7a289586cef7787e334abefa7601508c

  • SHA1

    f4d6bb8ffcd38e7b9f8d31c7a442f0388cfe5602

  • SHA256

    792a7b8e75aa51f90c66ee711faf429dfe3220b038cc3725ee935083fcb60e0f

  • SHA512

    d8b236deb1e722a3a724b587db0737fa2c9cf500817a32017300d6de7541e75a571b7813f0a78a4cad1d02af685ef6acf5522990b0372612de87edc0c4e00632

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0 (Excel 4.0 macro)

  • Source

    xlm40.dropper

  • URLs

    http://adi.iswks.com/assets/hO1v71pqfNN/
    http://kopbhawan.com/mdphht/fwqEBVQlJXHayt/
    http://towardsun.net/admin/dcg3jSLkPuYsQ5xB/

Extracted

  • Language

    xlm4.0 (Excel 4.0 macro)

  • Source

    xlm40.dropper

  • URLs

    http://adi.iswks.com/assets/hO1v71pqfNN/

Targets

    • Target

      792a7b8e75aa51f90c66ee711faf429dfe3220b038cc3725ee935083fcb60e0f

    • Size

      83KB

    • MD5

      7a289586cef7787e334abefa7601508c

    • SHA1

      f4d6bb8ffcd38e7b9f8d31c7a442f0388cfe5602

    • SHA256

      792a7b8e75aa51f90c66ee711faf429dfe3220b038cc3725ee935083fcb60e0f

    • SHA512

      d8b236deb1e722a3a724b587db0737fa2c9cf500817a32017300d6de7541e75a571b7813f0a78a4cad1d02af685ef6acf5522990b0372612de87edc0c4e00632

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

      Network traffic matched the Emerging Threats rule for an Emotet command-and-control beacon.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory
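The two process-level signatures above ("Process spawned unexpected child process" and "Blocklisted process makes network request") are cheap to reproduce from endpoint telemetry. The following is an added example, not the sandbox's own signature logic: it runs both rules over constructed Sysmon-style events and correlates the result with the dropper hostnames from the extracted config. The Office-parent set, the allowlist of benign children, the LOLBin list and every event (process names, PIDs, the DLL path, the non-IOC destination) are assumptions built for illustration.

```python
"""Offline reproduction of two behaviours the report flags for this sample:
"Process spawned unexpected child process" and "Blocklisted process makes
network request", run over constructed Sysmon-style events. Added example,
not the sandbox's signature code."""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Dropper URLs taken from the report's extracted config; we match on hostname.
IOC_URLS = [
    "http://adi.iswks.com/assets/hO1v71pqfNN/",
    "http://kopbhawan.com/mdphht/fwqEBVQlJXHayt/",
    "http://towardsun.net/admin/dcg3jSLkPuYsQ5xB/",
]
IOC_HOSTS = {urlsplit(u).hostname for u in IOC_URLS}

# "Blocklisted" parents: Office applications that should not launch tooling or fetch binaries.
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Assumed allowlist: the print helper Office legitimately spawns.
BENIGN_CHILDREN = {"splwow64.exe"}
# Assumed list of LOLBins a macro dropper typically uses to fetch or load a payload.
LOLBINS = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "powershell.exe",
           "cmd.exe", "wscript.exe", "certutil.exe"}


@dataclass(frozen=True)
class ProcessCreate:        # Sysmon event 1 (subset of fields)
    pid: int
    image: str
    parent_image: str
    command_line: str


@dataclass(frozen=True)
class NetworkConnect:       # Sysmon event 3 (subset of fields)
    pid: int
    image: str
    dest_host: str
    dest_port: int


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def unexpected_office_children(procs):
    """Rule 1: Office parent -> child outside the allowlist. Returns {pid: severity}."""
    hits = {}
    for ev in procs:
        if basename(ev.parent_image) not in OFFICE_APPS:
            continue
        child = basename(ev.image)
        if child in BENIGN_CHILDREN:
            continue
        # A known LOLBin, or a URL on the command line, is the high-confidence form.
        high = child in LOLBINS or "http" in ev.command_line.lower()
        hits[ev.pid] = "high" if high else "medium"
    return hits


def suspicious_network(procs, nets):
    """Rule 2: a network request by an Office app, or by a child flagged by rule 1.
    Returns [(pid, image, dest_host, ioc_match)] in event order."""
    flagged = unexpected_office_children(procs)
    out = []
    for n in nets:
        image = basename(n.image)
        if image in OFFICE_APPS or n.pid in flagged:
            out.append((n.pid, image, n.dest_host, n.dest_host.lower() in IOC_HOSTS))
    return out


def verdict(procs, nets) -> str:
    """'malicious' when a flagged request reaches a known dropper host, or a
    high-severity child talks to the network at all; else 'suspicious' or 'clean'."""
    flagged = unexpected_office_children(procs)
    hits = suspicious_network(procs, nets)
    if any(ioc or flagged.get(pid) == "high" for pid, _, _, ioc in hits):
        return "malicious"
    return "suspicious" if hits or flagged else "clean"


# Constructed telemetry (not from the report): Excel opens the workbook, the
# XLM macro fetches a DLL over HTTP, then hands it to regsvr32.
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
SAMPLE_PROCS = [
    ProcessCreate(1204, EXCEL, r"C:\Windows\explorer.exe", '"EXCEL.EXE" invoice.xlsm'),
    ProcessCreate(1310, r"C:\Windows\splwow64.exe", EXCEL, "splwow64.exe 12288"),
    ProcessCreate(1422, r"C:\Windows\System32\regsvr32.exe", EXCEL,
                  r"regsvr32.exe /s C:\Users\Public\oxnv.dll"),
]
SAMPLE_NET = [
    NetworkConnect(1204, EXCEL, "adi.iswks.com", 80),                    # dropper fetch
    NetworkConnect(1422, r"C:\Windows\System32\regsvr32.exe", "198.51.100.7", 443),
    NetworkConnect(1204, EXCEL, "officeclient.microsoft.com", 443),      # benign noise
]

if __name__ == "__main__":
    print(unexpected_office_children(SAMPLE_PROCS))
    for hit in suspicious_network(SAMPLE_PROCS, SAMPLE_NET):
        print(hit)
    print(verdict(SAMPLE_PROCS, SAMPLE_NET))
```

Rule 2 on its own is noisy: Office applications routinely contact Microsoft licensing and update endpoints, which is why the constructed benign connection is still reported by suspicious_network() but does not flip verdict() by itself. In production, either allowlist those destinations or, as here, require the request to correlate with a known dropper host or with a high-severity child from rule 1 before raising a high-confidence alert.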

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    System Information Discovery, T1082 (3)
    Query Registry, T1012 (2)
