General
-
Target
7a48ef5810768af153b1896c2a773acf048513a0fd1df2984cc6347c4b071192.doc
-
Size
170KB
-
Sample
200728-hma9y9n99s
-
MD5
611e1fde7d6a044d9fab66ad6d63bda0
-
SHA1
eae24ec7f4cc756cbbcdecfebe0b73ce84350024
-
SHA256
7a48ef5810768af153b1896c2a773acf048513a0fd1df2984cc6347c4b071192
-
SHA512
e28bd6171fed93bf8eeb4b895aa0a42d46fb6be10f00ff9fda7003e301e90c95313bbbd1a476e0b73bf24e82bd961b3487a536197acd38fb4a6ed447716aee9d
Malware Config
Extracted
http://megasolucoesti.com/css/8xbi/
https://matuteroofing.com/j-folder/2ZdI48222/
http://mediainmedia.com/upload/xtmvg46/
http://mgregoire.net/cgi-bin/095d075/
http://www.mobialive.com/onlineshopping/XLccr/
Extracted
emotet
Epoch1
179.60.229.168:443
185.94.252.13:443
189.218.165.63:80
77.90.136.129:8080
217.199.160.224:7080
104.131.41.185:8080
2.47.112.152:80
185.94.252.27:443
186.250.52.226:8080
51.255.165.160:8080
68.183.170.114:8080
191.99.160.58:80
104.131.103.37:8080
181.31.211.181:80
202.62.39.111:80
83.169.21.32:7080
87.106.46.107:8080
72.47.248.48:7080
177.75.143.112:443
190.17.195.202:80
Targets
-
-
Target
7a48ef5810768af153b1896c2a773acf048513a0fd1df2984cc6347c4b071192.doc
-
Size
170KB
-
MD5
611e1fde7d6a044d9fab66ad6d63bda0
-
SHA1
eae24ec7f4cc756cbbcdecfebe0b73ce84350024
-
SHA256
7a48ef5810768af153b1896c2a773acf048513a0fd1df2984cc6347c4b071192
-
SHA512
e28bd6171fed93bf8eeb4b895aa0a42d46fb6be10f00ff9fda7003e301e90c95313bbbd1a476e0b73bf24e82bd961b3487a536197acd38fb4a6ed447716aee9d
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-