General
-
Target
emotet_e2_634f50b36e81b7e81cfb0e42da0afb32839b6f8713b7ef336ef70ed10d716159_2020-07-31__205706._doc
-
Size
174KB
-
Sample
200731-mqlzfe85zs
-
MD5
900d8ef92c798be75b00079ffa492009
-
SHA1
f3026343b095bc2b2fef3372e76d44b16655452b
-
SHA256
634f50b36e81b7e81cfb0e42da0afb32839b6f8713b7ef336ef70ed10d716159
-
SHA512
42c35852576743aa7acbf100e51663f43142bb02f71adaa9b9830b2f487cc2549ea2b3ba1b535fcd2116ad36ff9141bcc2898c7cc602d65369f02e218d8393ee
Malware Config
Extracted
http://nwcsvcs.com/cgi-bin/uz6_qs8_qr/
http://odessaresources.com/cgi-bin/3_o_but9/
https://onefarmdesign.com/cgi-bin/u_fig_m2mv/
http://onewithyoucd.com/_mm/oix_ktcpc_dljhsex/
http://www.piemonteitinera.net/n_g2o4_jumkt4/
Extracted
emotet
Epoch2
142.105.151.124:443
62.108.54.22:8080
212.51.142.238:8080
71.208.216.10:80
108.48.41.69:80
83.110.223.58:443
210.165.156.91:80
104.131.44.150:8080
104.236.246.93:8080
5.39.91.110:7080
209.141.54.221:8080
209.182.216.177:443
153.126.210.205:7080
91.211.88.52:7080
180.92.239.110:8080
183.101.175.193:80
162.241.92.219:8080
87.106.139.101:8080
114.146.222.200:80
65.111.120.223:80
Targets
-
-
Target
emotet_e2_634f50b36e81b7e81cfb0e42da0afb32839b6f8713b7ef336ef70ed10d716159_2020-07-31__205706._doc
-
Size
174KB
-
MD5
900d8ef92c798be75b00079ffa492009
-
SHA1
f3026343b095bc2b2fef3372e76d44b16655452b
-
SHA256
634f50b36e81b7e81cfb0e42da0afb32839b6f8713b7ef336ef70ed10d716159
-
SHA512
42c35852576743aa7acbf100e51663f43142bb02f71adaa9b9830b2f487cc2549ea2b3ba1b535fcd2116ad36ff9141bcc2898c7cc602d65369f02e218d8393ee
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-