General
-
Target
emotet_e1_e62908b4ad66554edf1c753583e56880b908df46abcc3b1526caf639c6f48eff_2020-10-20__120939962748._doc
-
Size
164KB
-
Sample
201020-lerh5lzfgs
-
MD5
6bb0ab80424687507e78207dd554864c
-
SHA1
8cd3f736453a08c2a32b5d89748721a39ca63ca0
-
SHA256
e62908b4ad66554edf1c753583e56880b908df46abcc3b1526caf639c6f48eff
-
SHA512
bdf92ef13310cf759aa99a1488ffac80a2d7ad2ec691faa79f13a1c5248a177db90954e81600b3f495b170849020510fcfe68b6b1905e2f9e443a1314d0e2b92
Malware Config
Extracted
http://wodsuit.com/ram-aisin/7r9/
http://hoobiq.com/cgi-bin/Xyv/
http://bomfuturoadesivos.com/gallery_03f59a1cc20096539c7aec1b61d7471a/3e/
https://vat201.com/calculator/itQ/
http://vikinggg.com/hydrolysis-of/bY/
https://mohamedsayed.com/wp-admin/Zt/
https://hostimpel.com/js/q/
Extracted
emotet
Epoch1
186.189.249.2:80
59.148.253.194:8080
173.212.197.71:8080
5.89.33.136:80
177.144.130.105:443
190.190.219.184:80
82.76.111.249:443
70.32.115.157:8080
62.84.75.50:80
190.24.243.186:80
51.15.7.145:80
24.232.228.233:80
46.105.114.137:8080
216.47.196.104:80
172.86.186.21:8080
186.103.141.250:443
128.92.203.42:80
190.188.245.242:80
152.169.22.67:80
170.81.48.2:80
Targets
-
-
Target
emotet_e1_e62908b4ad66554edf1c753583e56880b908df46abcc3b1526caf639c6f48eff_2020-10-20__120939962748._doc
-
Size
164KB
-
MD5
6bb0ab80424687507e78207dd554864c
-
SHA1
8cd3f736453a08c2a32b5d89748721a39ca63ca0
-
SHA256
e62908b4ad66554edf1c753583e56880b908df46abcc3b1526caf639c6f48eff
-
SHA512
bdf92ef13310cf759aa99a1488ffac80a2d7ad2ec691faa79f13a1c5248a177db90954e81600b3f495b170849020510fcfe68b6b1905e2f9e443a1314d0e2b92
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-