General
-
Target
emotet_e2_dd1eb5d6665fa95590fbb058fdfb8311563d8d5b62f6b8b538cb33c967f22362_2020-09-19__111528788242._doc
-
Size
177KB
-
Sample
200919-fey2hbw526
-
MD5
f8215e9aae3878a40d026e1f8d13994c
-
SHA1
3d21d67edd9242c20f3c4e9105979ae866d7697d
-
SHA256
dd1eb5d6665fa95590fbb058fdfb8311563d8d5b62f6b8b538cb33c967f22362
-
SHA512
abbc48470855bae826ad8ecfce1fb52f9d93e6b9bd9fac308116cecb4e89d12384c9b368a4ff5991dbabaa4c779f48e21b65054ab29e458c0713de0cd3f5a63b
Malware Config
Extracted
https://santyago.org/wp-content/0mcYS6/
http://dandyair.com/font-awesome/rOOAL/
https://www.tekadbatam.com/wp-content/AUiw/
http://kellymorganscience.com/wp-content/SCsWM/
https://tewoerd.eu/img/DALSKE/
http://mediainmedia.com/plugin_opencart2.3-master/Atye/
http://nuwagi.com/old/XLGjc/
Extracted
emotet
Epoch2
71.72.196.159:80
134.209.36.254:8080
120.138.30.150:8080
94.23.216.33:80
157.245.99.39:8080
137.59.187.107:8080
94.23.237.171:443
61.19.246.238:443
156.155.166.221:80
50.35.17.13:80
153.137.36.142:80
91.211.88.52:7080
209.141.54.221:8080
185.94.252.104:443
174.45.13.118:80
87.106.136.232:8080
62.75.141.82:80
213.196.135.145:80
188.219.31.12:80
82.80.155.43:80
Targets
-
-
Target
emotet_e2_dd1eb5d6665fa95590fbb058fdfb8311563d8d5b62f6b8b538cb33c967f22362_2020-09-19__111528788242._doc
-
Size
177KB
-
MD5
f8215e9aae3878a40d026e1f8d13994c
-
SHA1
3d21d67edd9242c20f3c4e9105979ae866d7697d
-
SHA256
dd1eb5d6665fa95590fbb058fdfb8311563d8d5b62f6b8b538cb33c967f22362
-
SHA512
abbc48470855bae826ad8ecfce1fb52f9d93e6b9bd9fac308116cecb4e89d12384c9b368a4ff5991dbabaa4c779f48e21b65054ab29e458c0713de0cd3f5a63b
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-