General
-
Target
emotet_e2_e0b3fe914319d6fbbca54226cc93de6f4b5c84a9f076aaa3a897f7a46a45d6cd_2021-01-12__205445856242._doc
-
Size
157KB
-
Sample
210112-7yfwgv5tvj
-
MD5
f2c05c265b11cbcc2352f4ab9737a4e2
-
SHA1
839c5e25f48591913a8cf7e68df9c3702201d9d6
-
SHA256
e0b3fe914319d6fbbca54226cc93de6f4b5c84a9f076aaa3a897f7a46a45d6cd
-
SHA512
21cd2d12c1c72153a6cfedee64b4901e2089a8b4f09128efe91cf244610fa293dc022d0e017bcf4d3a3dc857c70f0fc075da54baa9b5f01f0c4818884fb11774
Malware Config
Extracted
https://remediis.com/t/gm2X/
http://avadnansahin.com/wp-includes/w/
http://solicon.us/allam-cycle-1c4gn/f5z/
http://www.riparazioni-radiotv.com/softaculous/DZz/
http://www.agricampeggiocortecomotto.it/wp-admin/s7p1/
https://www.starlingtechs.com/GNM/
http://hellas-darmstadt.de/cgi-bin/ZSoo/
Targets
-
-
Target
emotet_e2_e0b3fe914319d6fbbca54226cc93de6f4b5c84a9f076aaa3a897f7a46a45d6cd_2021-01-12__205445856242._doc
-
Size
157KB
-
MD5
f2c05c265b11cbcc2352f4ab9737a4e2
-
SHA1
839c5e25f48591913a8cf7e68df9c3702201d9d6
-
SHA256
e0b3fe914319d6fbbca54226cc93de6f4b5c84a9f076aaa3a897f7a46a45d6cd
-
SHA512
21cd2d12c1c72153a6cfedee64b4901e2089a8b4f09128efe91cf244610fa293dc022d0e017bcf4d3a3dc857c70f0fc075da54baa9b5f01f0c4818884fb11774
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-