General
-
Target
emotet_e2_f01b3323117582e282add297541e14c3b0d359ab03af884367f2d4c562750425_2020-07-29__013840._doc
-
Size
175KB
-
Sample
200729-tvta5c1rw2
-
MD5
86bda082b34f48b9d6d3e26262e6b465
-
SHA1
989d109900d6064873bc0d469f6585d9fe41475a
-
SHA256
f01b3323117582e282add297541e14c3b0d359ab03af884367f2d4c562750425
-
SHA512
8132ecd81d4a950c03933e2ce459a049c3739630918050bd8e264ca436d45473489ca42e4f4369f6ef7885970ae99144767f146195e620995184ce57c1530918
Malware Config
Extracted
http://fishbitedesign.com/delete_me/aq_no3_pixel079b/
http://floridoweddings.com/wp-admin/1_fb_3rv7z6mr/
http://floydswoodshop.com/floydswo/nn_g5_0s/
http://fmcav.com/images/tihvt_5d_3znqq/
http://goharm.com/wp-content/plugins/classic-editor/7b_k5_bo4lrnbmo6/
Extracted
emotet
Epoch2
76.27.179.47:80
212.51.142.238:8080
189.212.199.126:443
61.19.246.238:443
162.154.38.103:80
91.211.88.52:7080
83.110.223.58:443
124.45.106.173:443
116.203.32.252:8080
109.117.53.230:443
5.196.74.210:8080
75.139.38.211:80
168.235.67.138:7080
176.111.60.55:8080
169.239.182.217:8080
74.208.45.104:8080
31.31.77.83:443
222.214.218.37:4143
37.139.21.175:8080
91.205.215.66:443
Targets
-
-
Target
emotet_e2_f01b3323117582e282add297541e14c3b0d359ab03af884367f2d4c562750425_2020-07-29__013840._doc
-
Size
175KB
-
MD5
86bda082b34f48b9d6d3e26262e6b465
-
SHA1
989d109900d6064873bc0d469f6585d9fe41475a
-
SHA256
f01b3323117582e282add297541e14c3b0d359ab03af884367f2d4c562750425
-
SHA512
8132ecd81d4a950c03933e2ce459a049c3739630918050bd8e264ca436d45473489ca42e4f4369f6ef7885970ae99144767f146195e620995184ce57c1530918
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-