General
-
Target
4e414cc37678eae442ea1afb91809f3d0b26f5ca6ca134dfef8789e6d4529bf5.doc
-
Size
168KB
-
Sample
200729-8hnq3g1ypa
-
MD5
39b9e87c7d2ca5f037b913df6faeb45e
-
SHA1
325d90d8ccabc75f9d9ae3e924fda480a8df0e9d
-
SHA256
4e414cc37678eae442ea1afb91809f3d0b26f5ca6ca134dfef8789e6d4529bf5
-
SHA512
43f5f4f3541fb47ae1ffbe3c591db0677db6f1c19a42a518c97c81e2f14145bd0deb0cf86b2968f8b1c489c129cc1493163b24295addd67f5494e19ddf218d08
Malware Config
Extracted
https://mossfs.com.au/wp-content/fVrTuWOb/
https://rtisistemas.com.br/jdetsob/Ov3a8106w4g7x17030547/
http://slbqms.co.ls/cgi-bin/CHrsuXU/
http://sertcom.net/_vti_bin/LiUoBmTHW/
http://skpsoft.com/wp-admin/YnsFh/
Extracted
emotet
Epoch3
177.37.81.212:443
74.207.230.187:8080
190.164.75.175:80
87.252.100.28:80
105.209.239.55:80
163.172.107.70:8080
37.208.106.146:8080
24.157.25.203:80
212.112.113.235:80
140.207.113.106:443
75.139.38.211:80
192.210.217.94:8080
46.49.124.53:80
75.127.14.170:8080
87.106.231.60:8080
139.59.12.63:8080
181.167.35.84:80
201.214.108.231:80
74.208.173.91:8080
189.146.1.78:443
Targets
-
-
Target
4e414cc37678eae442ea1afb91809f3d0b26f5ca6ca134dfef8789e6d4529bf5.doc
-
Size
168KB
-
MD5
39b9e87c7d2ca5f037b913df6faeb45e
-
SHA1
325d90d8ccabc75f9d9ae3e924fda480a8df0e9d
-
SHA256
4e414cc37678eae442ea1afb91809f3d0b26f5ca6ca134dfef8789e6d4529bf5
-
SHA512
43f5f4f3541fb47ae1ffbe3c591db0677db6f1c19a42a518c97c81e2f14145bd0deb0cf86b2968f8b1c489c129cc1493163b24295addd67f5494e19ddf218d08
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-