General

  • Target

    8eb596f88bc2ba3ba62a765c607202109fa122dfb49673b6f34fdbcc921b34ee

  • Size

    83KB

  • Sample

    220113-h7yyxagdhr

  • MD5

    9668d5dd1e75ab9acacea35e3cb32084

  • SHA1

    ffd4f89c0a3ec3adb9a816d1a6a3aea3f648ee6d

  • SHA256

    8eb596f88bc2ba3ba62a765c607202109fa122dfb49673b6f34fdbcc921b34ee

  • SHA512

    cc59059828351348454cabbe2b21b3041d869b1d46bbef137b296a502d5b6cd41dacc346a6b0acc38d9f8e32df532ec32b8598a1d6e45fbdbdc948a95b5b310f

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://mammy-chiro.com/case/ZTkBzbz/

xlm40.dropper

http://bluetoothheadsetreview.xyz/wp-includes/xmdHAGgfki/

xlm40.dropper

http://topline36.xyz/wp-includes/css/BB9Ajvjs89U9O/


Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory
