Emotet Being Distributed in Korea via Excel Files - ASEC BLOG
Tags
attack-pattern: Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Powershell - T1086 Rundll32 - T1085
Show in Graph
Common Information
Type Value
UUID 83f435fc-f2dd-4630-bfea-b497f670cb3b
Fingerprint a643bc430977032e
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 10, 2022, 10:46 a.m.
Added to db Sept. 11, 2022, 4:59 p.m.
Last updated Oct. 16, 2024, 2:46 a.m.
Headline Emotet Being Distributed in Korea via Excel Files
Title Emotet Being Distributed in Korea via Excel Files - ASEC BLOG
Detected Hints/Tags/Attributes 28/1/13
Source URLs
Redirection Url
Details Source https://asec.ahnlab.com/en/31313/
URL Provider
Details Provider Source level domain
Details ahnlab.com asec.ahnlab.com
Attributes
Details Type #Events CTI Value
Details File 1 
scan_2456321.xlsx
Details File 1 
4968839233806560.xls
Details File 1 
wetidjks.vbs
Details File 1 
jledshf.bat
Details File 18 
c:\windows\syswow64\rundll32.exe
Details File 1 
c:\programdata\vbkwk.dll
Details File 1 
vbkwk.dll
Details File 1 
xls.ps
Details md5 1 
8b7a08559eec18b8ccabe70289e67b94
Details md5 1 
c4f65501d52cbfa5d454d06309545720
Details md5 1 
c52358a4a8d0b09e98382e5ba4a143a4
Details md5 1 
c2de652b094b538070e754ee09f3c737
Details Url 1 
http://actividades.laforetlanguages.com/wp-admin/blkdokdxl/,http://sbcopylive.com.br/rjuz/w/,https://trasix.com/wp-admin/y5aa1jt0sp2qk/,https://www.parkinsons.co.in/abc/y6y0ftbueg6/,https://biz.merlin.ua/wp-admin/w6agtfsrzgt371dv/,http://bruckevn.site/3yztzzvh/nmy4wzfbyl/,https://pardiskood.com/wp-content/nr/,https://daujimaharajmandir.org/wp-includes/63de/,https://datasits.com/wp-includes/zkj4qo/,https://anugerahmasinternasional.co.id/wp-admin/sjbxe5i/,https://atmedic.cl/sistemas/3zbsuau/,https://anwaralbasateen.com/fox-c404/mdhkfgebmrzmgkby/".split