General
-
Target
emotet_e2_74871748f92973cb0c0d156ab48046d061b5071b194fa60276146079666a2536_2020-08-01__010150._doc
-
Size
171KB
-
Sample
200801-7a8zev9c7s
-
MD5
8064acb77c2703a3e4f28fdc1b7d8950
-
SHA1
de21eecdeb2e4e7db8e20a32c8f3d431507e644d
-
SHA256
74871748f92973cb0c0d156ab48046d061b5071b194fa60276146079666a2536
-
SHA512
e081baa58d0f694c856461e77d53382edfd747a979cbf1dbcb4d610ef31cfeb82fc9874e6751d28360564801ec22e1a9f3cc50b4b894ef0d2b970cbc3e696a63
Malware Config
Extracted
http://muliarental.com/wp-includes/uwr_u4_ed3qzbb/
http://ltrybus.com/cgi-bin/mff_xao9d_5ld5qajfmx/
http://my6thgen.org/_db_backups/t_e_v7qizcr2/
http://mywebnerd.com/bluesforsale/zi6_v4g0_rmyg/
http://www.naayers.org/Library/o_eo_97ml/
Extracted
emotet
Epoch2
142.105.151.124:443
62.108.54.22:8080
212.51.142.238:8080
71.208.216.10:80
108.48.41.69:80
83.110.223.58:443
210.165.156.91:80
104.131.44.150:8080
104.236.246.93:8080
5.39.91.110:7080
209.141.54.221:8080
209.182.216.177:443
153.126.210.205:7080
91.211.88.52:7080
180.92.239.110:8080
183.101.175.193:80
162.241.92.219:8080
87.106.139.101:8080
114.146.222.200:80
65.111.120.223:80
Targets
-
-
Target
emotet_e2_74871748f92973cb0c0d156ab48046d061b5071b194fa60276146079666a2536_2020-08-01__010150._doc
-
Size
171KB
-
MD5
8064acb77c2703a3e4f28fdc1b7d8950
-
SHA1
de21eecdeb2e4e7db8e20a32c8f3d431507e644d
-
SHA256
74871748f92973cb0c0d156ab48046d061b5071b194fa60276146079666a2536
-
SHA512
e081baa58d0f694c856461e77d53382edfd747a979cbf1dbcb4d610ef31cfeb82fc9874e6751d28360564801ec22e1a9f3cc50b4b894ef0d2b970cbc3e696a63
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-