General
-
Target
3c8c7014132cefc7b23e620b1742e102960b0baf8e1bd29fa53e330ba92de035.doc
-
Size
169KB
-
Sample
200729-vmvt8ny2rn
-
MD5
b94e35b51e3dfe6edc969c294bb7988c
-
SHA1
145db004396ed9d98699bded13a9c7de993f2e1f
-
SHA256
3c8c7014132cefc7b23e620b1742e102960b0baf8e1bd29fa53e330ba92de035
-
SHA512
34d9b1f9116083f88121968ae3e1d4fc69da47088f9fcbc34c1b79dfec1c2909ad908679992743142ac309dd0078bd4d47b4ac86b68256a20b70a0675bbdd6b7
Malware Config
Extracted
https://mossfs.com.au/wp-content/fVrTuWOb/
https://rtisistemas.com.br/jdetsob/Ov3a8106w4g7x17030547/
http://slbqms.co.ls/cgi-bin/CHrsuXU/
http://sertcom.net/_vti_bin/LiUoBmTHW/
http://skpsoft.com/wp-admin/YnsFh/
Extracted
emotet
Epoch3
177.37.81.212:443
74.207.230.187:8080
190.164.75.175:80
87.252.100.28:80
105.209.239.55:80
163.172.107.70:8080
37.208.106.146:8080
24.157.25.203:80
212.112.113.235:80
140.207.113.106:443
75.139.38.211:80
192.210.217.94:8080
46.49.124.53:80
75.127.14.170:8080
87.106.231.60:8080
139.59.12.63:8080
181.167.35.84:80
201.214.108.231:80
74.208.173.91:8080
189.146.1.78:443
Targets
-
-
Target
3c8c7014132cefc7b23e620b1742e102960b0baf8e1bd29fa53e330ba92de035.doc
-
Size
169KB
-
MD5
b94e35b51e3dfe6edc969c294bb7988c
-
SHA1
145db004396ed9d98699bded13a9c7de993f2e1f
-
SHA256
3c8c7014132cefc7b23e620b1742e102960b0baf8e1bd29fa53e330ba92de035
-
SHA512
34d9b1f9116083f88121968ae3e1d4fc69da47088f9fcbc34c1b79dfec1c2909ad908679992743142ac309dd0078bd4d47b4ac86b68256a20b70a0675bbdd6b7
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-