General
-
Target
emotet_e2_ebb5db5be8f6c48e1ccebf34406cd5635332781cbfe45782a0cf3b535cfc0aed_2021-01-12__211040709572._doc
-
Size
158KB
-
Sample
210112-8mtjemx9jx
-
MD5
ea979b4a19683dcb11f1cb3d7aefb3af
-
SHA1
63d097c42dc9e368b7fb5d7949e0d6a3f1b79d2b
-
SHA256
ebb5db5be8f6c48e1ccebf34406cd5635332781cbfe45782a0cf3b535cfc0aed
-
SHA512
725ec9dec5cfcddeeb7759881bd1cf780ddabb002c4fab2bf0b8bc94e82c9dc48cba5cde7005ed68169d07ed9bbcdf1cc4b07b17bd3f3d9b0ee79e78e0a9859b
Malware Config
Extracted
https://remediis.com/t/gm2X/
http://avadnansahin.com/wp-includes/w/
http://solicon.us/allam-cycle-1c4gn/f5z/
http://www.riparazioni-radiotv.com/softaculous/DZz/
http://www.agricampeggiocortecomotto.it/wp-admin/s7p1/
https://www.starlingtechs.com/GNM/
http://hellas-darmstadt.de/cgi-bin/ZSoo/
Targets
-
-
Target
emotet_e2_ebb5db5be8f6c48e1ccebf34406cd5635332781cbfe45782a0cf3b535cfc0aed_2021-01-12__211040709572._doc
-
Size
158KB
-
MD5
ea979b4a19683dcb11f1cb3d7aefb3af
-
SHA1
63d097c42dc9e368b7fb5d7949e0d6a3f1b79d2b
-
SHA256
ebb5db5be8f6c48e1ccebf34406cd5635332781cbfe45782a0cf3b535cfc0aed
-
SHA512
725ec9dec5cfcddeeb7759881bd1cf780ddabb002c4fab2bf0b8bc94e82c9dc48cba5cde7005ed68169d07ed9bbcdf1cc4b07b17bd3f3d9b0ee79e78e0a9859b
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-