General

  • Target

    08f4133865fa8c1f178159bd516a53cdae4e3a980e273ab9cac3d2f8964d6a98

  • Size

    83KB

  • Sample

    220115-fqatmsdadk

  • MD5

    c0870d356e8152ed4f29cf722ad17226

  • SHA1

    e34bef3eff98785e44eaacdccd045716716c43f8

  • SHA256

    08f4133865fa8c1f178159bd516a53cdae4e3a980e273ab9cac3d2f8964d6a98

  • SHA512

    9ae78aa91b5ac6bd57a99841ab020110e90ef3782be77f52118abd302f0811b43aa752b1d9a28f2248f2e819a074a6f74ed20dac5076ee58d2c7d7c6a2303cfb

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper  https://zml.laneso.com/packet/AlvJ8OdtSYEeeCQP/
    xlm40.dropper  http://ostadsarma.com/wp-admin/JNgASjNC/
    xlm40.dropper  http://govtjobresultbd.xyz/sjjz/UIUhOHsLqjOy9/

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper  https://zml.laneso.com/packet/AlvJ8OdtSYEeeCQP/
    xlm40.dropper  http://ostadsarma.com/wp-admin/JNgASjNC/

Targets

    • Target

      08f4133865fa8c1f178159bd516a53cdae4e3a980e273ab9cac3d2f8964d6a98

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6