General
-
Target
VPW2020_09.doc
-
Size
176KB
-
Sample
200919-gnmam6y8ya
-
MD5
ae7ddb61d9fa3ecc1fbea1ef1d26ed53
-
SHA1
93d9db90acb66d49bc3a0e7851a5d16ec0a18bca
-
SHA256
6b816849afa3b488666d87953946ce1427ed9c254dbd7ef302c9c25146c404f3
-
SHA512
976cb65da7c828df08a7d0ac1d903fb12b6e7283caecf89fb14331bafecab244796f431e8b0b50d800d208a3da2da77610317627c51e0ca1b1ad9b9c6c284274
Malware Config
Extracted
http://reseller-demo-website.com/discussion/qWWf8FS/
https://www.mockdumps.com/test/Z2pJ/
https://twisterprint.com/chrometheme/Vcr/
http://simulations.org/rw_common/KfX2MW/
http://planosdesaudesemcarencia.com/erros/JHoq/
https://viaje-achina.com/wp-admin/A1O8tL/
https://cearacultural.com.br/turismo/oy/
Extracted
emotet
Epoch2
71.72.196.159:80
134.209.36.254:8080
120.138.30.150:8080
94.23.216.33:80
157.245.99.39:8080
137.59.187.107:8080
94.23.237.171:443
61.19.246.238:443
156.155.166.221:80
50.35.17.13:80
153.137.36.142:80
91.211.88.52:7080
209.141.54.221:8080
185.94.252.104:443
174.45.13.118:80
87.106.136.232:8080
62.75.141.82:80
213.196.135.145:80
188.219.31.12:80
82.80.155.43:80
Targets
-
-
Target
VPW2020_09.doc
-
Size
176KB
-
MD5
ae7ddb61d9fa3ecc1fbea1ef1d26ed53
-
SHA1
93d9db90acb66d49bc3a0e7851a5d16ec0a18bca
-
SHA256
6b816849afa3b488666d87953946ce1427ed9c254dbd7ef302c9c25146c404f3
-
SHA512
976cb65da7c828df08a7d0ac1d903fb12b6e7283caecf89fb14331bafecab244796f431e8b0b50d800d208a3da2da77610317627c51e0ca1b1ad9b9c6c284274
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-