General
-
Target
88b9aa3c90a28ecdd7adf28ea12e316d3b2c8a7086d315f97a2e62a77abd49af.doc
-
Size
170KB
-
Sample
200729-8tm8mzj5de
-
MD5
f49b4d134476d19dcc417036db84d5ed
-
SHA1
076fe5d8a16d8cb7e4d17d8a059997f67da3b2c4
-
SHA256
88b9aa3c90a28ecdd7adf28ea12e316d3b2c8a7086d315f97a2e62a77abd49af
-
SHA512
ce5f69bd2ae45198aa8bb37b2a1d1b4fe0a63075b8faf57f6856eb368e825b8f0b45488a9a6ceb4dc1df1db6a051a60b5694cecce75433c3077071418c8499f9
Malware Config
Extracted
https://mossfs.com.au/wp-content/fVrTuWOb/
https://rtisistemas.com.br/jdetsob/Ov3a8106w4g7x17030547/
http://slbqms.co.ls/cgi-bin/CHrsuXU/
http://sertcom.net/_vti_bin/LiUoBmTHW/
http://skpsoft.com/wp-admin/YnsFh/
Extracted
emotet
Epoch3
177.37.81.212:443
74.207.230.187:8080
190.164.75.175:80
87.252.100.28:80
105.209.239.55:80
163.172.107.70:8080
37.208.106.146:8080
24.157.25.203:80
212.112.113.235:80
140.207.113.106:443
75.139.38.211:80
192.210.217.94:8080
46.49.124.53:80
75.127.14.170:8080
87.106.231.60:8080
139.59.12.63:8080
181.167.35.84:80
201.214.108.231:80
74.208.173.91:8080
189.146.1.78:443
Targets
-
-
Target
88b9aa3c90a28ecdd7adf28ea12e316d3b2c8a7086d315f97a2e62a77abd49af.doc
-
Size
170KB
-
MD5
f49b4d134476d19dcc417036db84d5ed
-
SHA1
076fe5d8a16d8cb7e4d17d8a059997f67da3b2c4
-
SHA256
88b9aa3c90a28ecdd7adf28ea12e316d3b2c8a7086d315f97a2e62a77abd49af
-
SHA512
ce5f69bd2ae45198aa8bb37b2a1d1b4fe0a63075b8faf57f6856eb368e825b8f0b45488a9a6ceb4dc1df1db6a051a60b5694cecce75433c3077071418c8499f9
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-