Overview

overview

10

Static

static

8

emotet_v6

windows10_x64

10

emotet_doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    667b2a5c8b1d3f4f93e3a2c5e4dd70cc415dbe8b58ede65a9e6f3c7b2458e97e

  • Size

    84KB

  • Sample

    220113-y9nhyscdfm

  • MD5

    c691f4ebd6bd3bb119df46580d3e1856

  • SHA1

    04f7e0487d9d3f5312863d3555038a6c072db347

  • SHA256

    667b2a5c8b1d3f4f93e3a2c5e4dd70cc415dbe8b58ede65a9e6f3c7b2458e97e

  • SHA512

    c807dae75900c281eddf4d5a302dc57f8af3561947a154c0ba76f0fd68d47d3c3a3730deaa0cf05a9a9c85da1b338b24428d234419eadb3cb6cc38244390beb9

Score
10/10
macrosuricataxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://test.la-boticaria.com/wp-content/xAQZIPYs1tavxAz/
xlm40.dropper

http://bestwifirouterreview.xyz/wp-includes/QxPfnh/
xlm40.dropper

http://ostadsarma.com/wp-admin/AwgHPLcO8tWz0NqJq16/

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://test.la-boticaria.com/wp-content/xAQZIPYs1tavxAz/

Targets

    • Target

      667b2a5c8b1d3f4f93e3a2c5e4dd70cc415dbe8b58ede65a9e6f3c7b2458e97e

    • Size

      84KB

    • MD5

      c691f4ebd6bd3bb119df46580d3e1856

    • SHA1

      04f7e0487d9d3f5312863d3555038a6c072db347

    • SHA256

      667b2a5c8b1d3f4f93e3a2c5e4dd70cc415dbe8b58ede65a9e6f3c7b2458e97e

    • SHA512

      c807dae75900c281eddf4d5a302dc57f8af3561947a154c0ba76f0fd68d47d3c3a3730deaa0cf05a9a9c85da1b338b24428d234419eadb3cb6cc38244390beb9

    Score
    10/10
    suricata

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

      suricata: ET MALWARE W32/Emotet CnC Beacon 3

      suricata

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks