General
-
Target
JVDT20_09.doc
-
Size
161KB
-
Sample
200916-2jdyemqa3e
-
MD5
c8db50682c9c51a0a5b220aca08a8b5f
-
SHA1
f0e2afb8a556bb000e169e24e84c3af9942429fe
-
SHA256
127c406b36e40a2277c416de6a955130dba4cb23be857da9a3987fb98a170d32
-
SHA512
cece058757e669d26a73ad58d9c4f5c02ae7118cf9c5fc78e3b92a4bc8b268c500867e7b3f131432f07c422fc26976d17ea8d4f98bd4a783cfe19e88e97fa3ee
Static task
static1
Behavioral task
behavioral1
Sample
JVDT20_09.doc
Resource
win7v200722
Malware Config
Extracted
https://templatejson.com/awrrn/Kw10uo/
https://hosting.mybestheme.com/aikjj0q/8/
https://tastes2plate.com/wp-content/uploads/6/
http://madeirawildlife.com/wp-admin/zuWZW/
http://senyumdesa.org/wp-admin/aC4/
https://ibuyoldwebsites.com/modules/QVtEr7/
http://blog.zunapro.com/wp-admin/js/widgets/EH4agl/
Extracted
emotet
Epoch2
74.219.172.26:80
134.209.36.254:8080
104.156.59.7:8080
120.138.30.150:8080
194.187.133.160:443
104.236.246.93:8080
74.208.45.104:8080
78.187.156.31:80
187.161.206.24:80
94.23.216.33:80
172.91.208.86:80
91.211.88.52:7080
50.91.114.38:80
200.123.150.89:443
121.124.124.40:7080
62.75.141.82:80
5.196.74.210:8080
24.137.76.62:80
85.105.205.77:8080
139.130.242.43:80
82.225.49.121:80
110.145.77.103:80
195.251.213.56:80
46.105.131.79:8080
87.106.136.232:8080
75.139.38.211:80
124.41.215.226:80
203.153.216.189:7080
162.241.242.173:8080
219.74.18.66:443
174.45.13.118:80
68.188.112.97:80
200.114.213.233:8080
213.196.135.145:80
61.92.17.12:80
61.19.246.238:443
219.75.128.166:80
120.150.60.189:80
123.176.25.234:80
1.221.254.82:80
137.119.36.33:80
94.23.237.171:443
74.120.55.163:80
62.30.7.67:443
104.131.11.150:443
139.59.67.118:443
209.141.54.221:8080
79.137.83.50:443
84.39.182.7:80
97.82.79.83:80
87.106.139.101:8080
94.1.108.190:443
37.187.72.193:8080
139.162.108.71:8080
93.147.212.206:80
74.134.41.124:80
103.86.49.11:8080
75.80.124.4:80
109.74.5.95:8080
153.232.188.106:80
168.235.67.138:7080
50.35.17.13:80
42.200.107.142:80
82.80.155.43:80
78.24.219.147:8080
24.43.99.75:80
107.5.122.110:80
156.155.166.221:80
83.169.36.251:8080
47.144.21.12:443
79.98.24.39:8080
181.169.34.190:80
139.59.60.244:8080
85.152.162.105:80
185.94.252.104:443
110.5.16.198:80
174.102.48.180:443
140.186.212.146:80
95.179.229.244:8080
104.32.141.43:80
169.239.182.217:8080
121.7.127.163:80
94.200.114.161:80
201.173.217.124:443
104.131.44.150:8080
137.59.187.107:8080
5.39.91.110:7080
203.117.253.142:80
157.245.99.39:8080
176.111.60.55:8080
95.213.236.64:8080
220.245.198.194:80
37.139.21.175:8080
89.216.122.92:80
139.99.158.11:443
24.179.13.119:80
188.219.31.12:80
Targets
-
-
Target
JVDT20_09.doc
-
Size
161KB
-
MD5
c8db50682c9c51a0a5b220aca08a8b5f
-
SHA1
f0e2afb8a556bb000e169e24e84c3af9942429fe
-
SHA256
127c406b36e40a2277c416de6a955130dba4cb23be857da9a3987fb98a170d32
-
SHA512
cece058757e669d26a73ad58d9c4f5c02ae7118cf9c5fc78e3b92a4bc8b268c500867e7b3f131432f07c422fc26976d17ea8d4f98bd4a783cfe19e88e97fa3ee
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-