2023-03-17-Emotet-malware-samples[.]zip

Sharing

Target

2023-03-17-Emotet-malware-samples.zip
Size

4.8MB
MD5

8af138cf4f2e730d4e9249e0dc755c07
SHA1

054cfa0f33768206b2557b092a0e87ae0163a2db
SHA256

239ef6d53cade1d87bbe2407b8d78ce99e094147877da0de499322ab7dfc6b2b
SHA512

fc698c732d91f1987e4dfd82ff645a0b69f3aeb7786836ffdcbc948c00455a2cb90381bffaac516cc6afcbd31e3308dd4cd8ef4ef95c797cc6fe741f78598055
SSDEEP

98304:jCrQ+7L5ioBhKtOXGhFXDNE7+FxNGEtPAdZ9Km/WkzqbZh:20+7UoGOWhDi+zNGuYre5h

Score

8^/10

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

Processes:

resource	yara_rule
static1/unpack002/A 2618033.doc	office_macro_on_action

Suspicious Office macro 1 IoCs
Office document equipped with macros.
macro

Processes:

resource

static1/unpack002/A 2618033.doc

resource
static1/unpack002/A 2618033.doc

2023-03-17-Emotet-malware-samples.zip
.zip

Password: infected
01-attachments-3-examples/A 2618033.zip
.zip
A 2618033.doc
.doc windows office2003

ThisDocument

Module1
01-attachments-3-examples/Message 167168370508.one
.one
01-attachments-3-examples/Untitled_608.zip
.zip
02-embedded-JS-file-from-OneNote-doc/output1.js
.js
03-downloaded-zips-with-inflated-Emote-DLLs-4-examples/6AfEa8G0W8NOtUh7hqFj.zip
.zip
03-downloaded-zips-with-inflated-Emote-DLLs-4-examples/Ac8wwulKxqZjc.zip
.zip
03-downloaded-zips-with-inflated-Emote-DLLs-4-examples/O1uPzXd2YscA.zip
.zip
03-downloaded-zips-with-inflated-Emote-DLLs-4-examples/TKK8yKdEvyYAbBE5avb.zip
.zip