General
-
Target
5af425ee29c2ee4cbba1fd5422820fac2031661cd7d330abc3095b5bf4b5f4cf.doc
-
Size
170KB
-
Sample
200729-2e6mva8ep2
-
MD5
4cab25a9b9f1387aa9f6a8d60207df5b
-
SHA1
ffa4422e55133bf75176251f506ff5f51f51a630
-
SHA256
5af425ee29c2ee4cbba1fd5422820fac2031661cd7d330abc3095b5bf4b5f4cf
-
SHA512
ae3eb7e1ddb2675603283e67add4bf59dad0f575518344eb608f7bfd2a707a81d22116b9d7547fcf6bdeb22b4b5af3b4a8d328e0a61d0523e91c447d2a1386cd
Malware Config
Extracted
https://mossfs.com.au/wp-content/fVrTuWOb/
https://rtisistemas.com.br/jdetsob/Ov3a8106w4g7x17030547/
http://slbqms.co.ls/cgi-bin/CHrsuXU/
http://sertcom.net/_vti_bin/LiUoBmTHW/
http://skpsoft.com/wp-admin/YnsFh/
Extracted
emotet
Epoch3
177.37.81.212:443
74.207.230.187:8080
190.164.75.175:80
87.252.100.28:80
105.209.239.55:80
163.172.107.70:8080
37.208.106.146:8080
24.157.25.203:80
212.112.113.235:80
140.207.113.106:443
75.139.38.211:80
192.210.217.94:8080
46.49.124.53:80
75.127.14.170:8080
87.106.231.60:8080
139.59.12.63:8080
181.167.35.84:80
201.214.108.231:80
74.208.173.91:8080
189.146.1.78:443
Targets
-
-
Target
5af425ee29c2ee4cbba1fd5422820fac2031661cd7d330abc3095b5bf4b5f4cf.doc
-
Size
170KB
-
MD5
4cab25a9b9f1387aa9f6a8d60207df5b
-
SHA1
ffa4422e55133bf75176251f506ff5f51f51a630
-
SHA256
5af425ee29c2ee4cbba1fd5422820fac2031661cd7d330abc3095b5bf4b5f4cf
-
SHA512
ae3eb7e1ddb2675603283e67add4bf59dad0f575518344eb608f7bfd2a707a81d22116b9d7547fcf6bdeb22b4b5af3b4a8d328e0a61d0523e91c447d2a1386cd
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-