General
-
Target
emotet_e2_eb11c0db3709ec548111c9a73f9f42712d81eb94d097b939a860ec951ebd699b_2020-07-28__182917._doc
-
Size
169KB
-
Sample
200728-3tx765jw6n
-
MD5
3f4b01d023886b7e612ebccf9df692e3
-
SHA1
bd5ec687740875bb807c0b8993d0608cbf23c341
-
SHA256
eb11c0db3709ec548111c9a73f9f42712d81eb94d097b939a860ec951ebd699b
-
SHA512
c7c983eff16ef2b2d3219cf6fb9f3614175f0de9c21426a001a936f0caee166a74b303e586bb32fa4d7d5b99d438313dab75a56c1ace3d2ac18db56ff493bfbe
Malware Config
Extracted
http://bunchproperties.com/lyhvmiq/s_ia_4uaq/
http://badeggdesign.com/cgi-bin/nxr5_o_d6vmj/
http://calledtochange.org/calledtochange/0_76zqg_bwnxpr84/
http://www.cinefamily.org/phpMyAdmin-4.7.9-all-languages/5um_oot_hz8/
http://bodbderg.net/wp-admin/ogfv5_4_x2l/
Extracted
emotet
Epoch2
76.27.179.47:80
212.51.142.238:8080
189.212.199.126:443
61.19.246.238:443
162.154.38.103:80
91.211.88.52:7080
83.110.223.58:443
124.45.106.173:443
116.203.32.252:8080
109.117.53.230:443
5.196.74.210:8080
75.139.38.211:80
168.235.67.138:7080
176.111.60.55:8080
169.239.182.217:8080
74.208.45.104:8080
31.31.77.83:443
222.214.218.37:4143
37.139.21.175:8080
91.205.215.66:443
Targets
-
-
Target
emotet_e2_eb11c0db3709ec548111c9a73f9f42712d81eb94d097b939a860ec951ebd699b_2020-07-28__182917._doc
-
Size
169KB
-
MD5
3f4b01d023886b7e612ebccf9df692e3
-
SHA1
bd5ec687740875bb807c0b8993d0608cbf23c341
-
SHA256
eb11c0db3709ec548111c9a73f9f42712d81eb94d097b939a860ec951ebd699b
-
SHA512
c7c983eff16ef2b2d3219cf6fb9f3614175f0de9c21426a001a936f0caee166a74b303e586bb32fa4d7d5b99d438313dab75a56c1ace3d2ac18db56ff493bfbe
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-