General
-
Target
emotet_e1_478ae302eafe5e1f90b2a1216c2dfc46fe49854e850d25a0c839c6e8f19e6554_2020-11-17__172947420109._doc
-
Size
174KB
-
Sample
201117-nqmsy5b8y6
-
MD5
ab3299846f2c06d6165b24cf29ea1fde
-
SHA1
e0e283ace23759793be15448f76e8018867dde61
-
SHA256
478ae302eafe5e1f90b2a1216c2dfc46fe49854e850d25a0c839c6e8f19e6554
-
SHA512
e5956f36a64f6329ed2ab44eade40c4512e365dccd0ad4d96875f6371b4ae16f8b5b7ade81b75a78e0625a3b6afc01262b2305ac5021753dfa11ec7174bd6308
Malware Config
Extracted
http://bonyanet.com/wp-admin/iR/
http://ofoghzagros.com/wp-admin/H/
https://ilinknepal.com/infosysnepal.com/Zdz/
https://storypostar.com/wp-admin/j/
https://www.pixelstoryteller.com/hydroplane-definition/wzb/
https://redchillicrackers.com/wp-content/p/
http://www.co-traveling.com/cgi-bin/003/
Extracted
emotet
Epoch1
202.22.141.45:80
37.187.161.206:8080
202.29.239.162:443
80.87.201.221:7080
82.76.111.249:443
216.47.196.104:80
192.241.143.52:8080
192.81.38.31:80
87.106.253.248:8080
64.201.88.132:80
192.241.146.84:8080
12.162.84.2:8080
1.226.84.243:8080
177.129.17.170:443
202.134.4.210:7080
70.169.17.134:80
152.169.22.67:80
5.196.35.138:7080
138.97.60.141:7080
203.205.28.68:80
Targets
-
-
Target
emotet_e1_478ae302eafe5e1f90b2a1216c2dfc46fe49854e850d25a0c839c6e8f19e6554_2020-11-17__172947420109._doc
-
Size
174KB
-
MD5
ab3299846f2c06d6165b24cf29ea1fde
-
SHA1
e0e283ace23759793be15448f76e8018867dde61
-
SHA256
478ae302eafe5e1f90b2a1216c2dfc46fe49854e850d25a0c839c6e8f19e6554
-
SHA512
e5956f36a64f6329ed2ab44eade40c4512e365dccd0ad4d96875f6371b4ae16f8b5b7ade81b75a78e0625a3b6afc01262b2305ac5021753dfa11ec7174bd6308
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-