General
-
Target
emotet_e2_7c0d398298f8a56ad9ec3dcd76f6d3d3ec37d0235722697cf910b162f5c46ed2_2020-07-29__000603._doc
-
Size
175KB
-
Sample
200729-v9vq8h2cf6
-
MD5
382dd489dddcafec116d2bd839b383a7
-
SHA1
c6035d1c8f9685101d1b256c0d13312b469f0818
-
SHA256
7c0d398298f8a56ad9ec3dcd76f6d3d3ec37d0235722697cf910b162f5c46ed2
-
SHA512
cc953fb161be46a8445aee52c3ac6a2083e8ebfc322a582dbde59bc910a353221e61e2d16cc0b7a5e237dd0dd0e46946a2cc8724654a1b0a925b76cc3b9be86e
Malware Config
Extracted
http://fishbitedesign.com/delete_me/aq_no3_pixel079b/
http://floridoweddings.com/wp-admin/1_fb_3rv7z6mr/
http://floydswoodshop.com/floydswo/nn_g5_0s/
http://fmcav.com/images/tihvt_5d_3znqq/
http://goharm.com/wp-content/plugins/classic-editor/7b_k5_bo4lrnbmo6/
Extracted
emotet
Epoch2
76.27.179.47:80
212.51.142.238:8080
189.212.199.126:443
61.19.246.238:443
162.154.38.103:80
91.211.88.52:7080
83.110.223.58:443
124.45.106.173:443
116.203.32.252:8080
109.117.53.230:443
5.196.74.210:8080
75.139.38.211:80
168.235.67.138:7080
176.111.60.55:8080
169.239.182.217:8080
74.208.45.104:8080
31.31.77.83:443
222.214.218.37:4143
37.139.21.175:8080
91.205.215.66:443
Targets
-
-
Target
emotet_e2_7c0d398298f8a56ad9ec3dcd76f6d3d3ec37d0235722697cf910b162f5c46ed2_2020-07-29__000603._doc
-
Size
175KB
-
MD5
382dd489dddcafec116d2bd839b383a7
-
SHA1
c6035d1c8f9685101d1b256c0d13312b469f0818
-
SHA256
7c0d398298f8a56ad9ec3dcd76f6d3d3ec37d0235722697cf910b162f5c46ed2
-
SHA512
cc953fb161be46a8445aee52c3ac6a2083e8ebfc322a582dbde59bc910a353221e61e2d16cc0b7a5e237dd0dd0e46946a2cc8724654a1b0a925b76cc3b9be86e
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-