General
-
Target
emotet_e2_e50c941c576a54fb30415ca63016572e9104d7be02cf3a1f220e72e6aec6a1ff_2021-01-13__065842785982._doc
-
Size
157KB
-
Sample
210113-geh7wpt5l2
-
MD5
0992c8eb7118040a7c080b319332d664
-
SHA1
59721461d683072ec6647f510f08d75e7b0ae6b9
-
SHA256
e50c941c576a54fb30415ca63016572e9104d7be02cf3a1f220e72e6aec6a1ff
-
SHA512
0c7a3e653fbc5c8afca319a5816bce0b1a68e40787f98b1aa6bd7bba5afac4de96db05ea5ce2547c02e9e9eb0bb90073579d5a91dfc2abbf4358026986a14d57
Malware Config
Extracted
https://altrashift.com/wp-includes/I/
https://ojodetigremezcal.com/wp/i62s/
https://snowremoval-services.com/wp-content/P3Z/
http://kitsunecomplements.com/too-much-phppq/n65U/
https://imperioone.com/content/WOBq/
http://www.autoeck-baden.at/wp-content/w0Vb/
https://shop.animewho.com/content/Tj/
Targets
-
-
Target
emotet_e2_e50c941c576a54fb30415ca63016572e9104d7be02cf3a1f220e72e6aec6a1ff_2021-01-13__065842785982._doc
-
Size
157KB
-
MD5
0992c8eb7118040a7c080b319332d664
-
SHA1
59721461d683072ec6647f510f08d75e7b0ae6b9
-
SHA256
e50c941c576a54fb30415ca63016572e9104d7be02cf3a1f220e72e6aec6a1ff
-
SHA512
0c7a3e653fbc5c8afca319a5816bce0b1a68e40787f98b1aa6bd7bba5afac4de96db05ea5ce2547c02e9e9eb0bb90073579d5a91dfc2abbf4358026986a14d57
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-