General
-
Target
emotet_e2_23aa403b8d0275806667675b80f1c0723668a4540a3fdab009282b001da24105_2021-01-12__210719256020._doc
-
Size
158KB
-
Sample
210112-xgjn79zvce
-
MD5
be801c3126cfc5f4efc2ebaf86b93c06
-
SHA1
44a2a65c44930ab0da3a234404786f1172465e4e
-
SHA256
23aa403b8d0275806667675b80f1c0723668a4540a3fdab009282b001da24105
-
SHA512
33286dbef8048491297d37ea3c04e2bc80a0871f4dffc735cdc2db2a57a4153779c5ee15a94335dd6c3c69b37389522274a3f47b96f2fe0546618d6900a2b400
Malware Config
Extracted
https://remediis.com/t/gm2X/
http://avadnansahin.com/wp-includes/w/
http://solicon.us/allam-cycle-1c4gn/f5z/
http://www.riparazioni-radiotv.com/softaculous/DZz/
http://www.agricampeggiocortecomotto.it/wp-admin/s7p1/
https://www.starlingtechs.com/GNM/
http://hellas-darmstadt.de/cgi-bin/ZSoo/
Targets
-
-
Target
emotet_e2_23aa403b8d0275806667675b80f1c0723668a4540a3fdab009282b001da24105_2021-01-12__210719256020._doc
-
Size
158KB
-
MD5
be801c3126cfc5f4efc2ebaf86b93c06
-
SHA1
44a2a65c44930ab0da3a234404786f1172465e4e
-
SHA256
23aa403b8d0275806667675b80f1c0723668a4540a3fdab009282b001da24105
-
SHA512
33286dbef8048491297d37ea3c04e2bc80a0871f4dffc735cdc2db2a57a4153779c5ee15a94335dd6c3c69b37389522274a3f47b96f2fe0546618d6900a2b400
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-