Emotet — Office (OLE) / .DOCX malware analysis

Static analysis result for SHA-256 7754428c05c3bd2a…

MALICIOUS

Office (OLE) / .DOCX

Size: 155.8 KB · Created: 2020-12-28 15:43:00 · Authoring application: Microsoft Office Word
MD5: d1ce81945520bd0fc76e49e430536676
SHA-1: 230f70ade7a71da14aec4bf13ced6b0abefdd57b
SHA-256: 7754428c05c3bd2a2f43150b5e0b1553924c5e5ef9d939fd456a96fc69657389
Risk Score: 70

Malware Insights

Emotet · confidence 90%

MITRE ATT&CK
T1566.001 Spearphishing Attachment · T1059.005 Visual Basic

The critical ClamAV heuristic identifies the file as 'Doc.Downloader.EmotetRed02224-9938637-0', strongly suggesting Emotet family involvement. Although no VBA macros were found to be executable, the presence of embedded URLs and the file's classification as a downloader indicate its primary function is to fetch and execute a secondary payload. This aligns with common Emotet distribution tactics.

Heuristics (3)

  • ClamAV: Doc.Downloader.EmotetRed02224-9938637-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Downloader.EmotetRed02224-9938637-0
  • VBA project contains no executable statements low OLE_VBA_MACROS
    Document contains a VBA project, but extracted modules only contain attributes/options/comments and no executable statements.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main