General
-
Target
emotet_e2_0bd2032e1ffe665517a03c7cbbea75705c7cf7af00789df956c635d752939ad6_2020-07-31__192844._doc
-
Size
174KB
-
Sample
200731-4nvfr51j3n
-
MD5
798883953154bcafba38ff977602a41b
-
SHA1
05b09f38c6fd1e93dd5d4ae67f5613bb956b9fa2
-
SHA256
0bd2032e1ffe665517a03c7cbbea75705c7cf7af00789df956c635d752939ad6
-
SHA512
53d1535bef11505ce63cf6b3dc90eceb42b24850cab7a4dfc8b26900fab262e76a1cf57d3c31fe478c5b0100da154d0c63d058315024640bc8a8499a38eec688
Malware Config
Extracted
http://nwcsvcs.com/cgi-bin/uz6_qs8_qr/
http://odessaresources.com/cgi-bin/3_o_but9/
https://onefarmdesign.com/cgi-bin/u_fig_m2mv/
http://onewithyoucd.com/_mm/oix_ktcpc_dljhsex/
http://www.piemonteitinera.net/n_g2o4_jumkt4/
Extracted
emotet
Epoch2
142.105.151.124:443
62.108.54.22:8080
212.51.142.238:8080
71.208.216.10:80
108.48.41.69:80
83.110.223.58:443
210.165.156.91:80
104.131.44.150:8080
104.236.246.93:8080
5.39.91.110:7080
209.141.54.221:8080
209.182.216.177:443
153.126.210.205:7080
91.211.88.52:7080
180.92.239.110:8080
183.101.175.193:80
162.241.92.219:8080
87.106.139.101:8080
114.146.222.200:80
65.111.120.223:80
Targets
-
-
Target
emotet_e2_0bd2032e1ffe665517a03c7cbbea75705c7cf7af00789df956c635d752939ad6_2020-07-31__192844._doc
-
Size
174KB
-
MD5
798883953154bcafba38ff977602a41b
-
SHA1
05b09f38c6fd1e93dd5d4ae67f5613bb956b9fa2
-
SHA256
0bd2032e1ffe665517a03c7cbbea75705c7cf7af00789df956c635d752939ad6
-
SHA512
53d1535bef11505ce63cf6b3dc90eceb42b24850cab7a4dfc8b26900fab262e76a1cf57d3c31fe478c5b0100da154d0c63d058315024640bc8a8499a38eec688
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-