General
-
Target
emotet_e2_d22d7440cc55189d7d805520a53cedb9041f18b97d3a1bfb652a611fc4fb0ca9_2021-01-13__023100109024._doc
-
Size
157KB
-
Sample
210113-lpmv2y2bdj
-
MD5
a300d77e6b8243d0e226ee2fddc867f6
-
SHA1
4f56f328a9090f27f975007c01f3111593103db9
-
SHA256
d22d7440cc55189d7d805520a53cedb9041f18b97d3a1bfb652a611fc4fb0ca9
-
SHA512
79c46474add4eb9e9998e15719880855b931979cc3b0d2cfec3a36bc6e0c7b9d85aeb4f9397051ffd613511b47e1c8f9476b8bc4a3d62c6a2a76217e0027a235
Malware Config
Extracted
https://altrashift.com/wp-includes/I/
https://ojodetigremezcal.com/wp/i62s/
https://snowremoval-services.com/wp-content/P3Z/
http://kitsunecomplements.com/too-much-phppq/n65U/
https://imperioone.com/content/WOBq/
http://www.autoeck-baden.at/wp-content/w0Vb/
https://shop.animewho.com/content/Tj/
Targets
-
-
Target
emotet_e2_d22d7440cc55189d7d805520a53cedb9041f18b97d3a1bfb652a611fc4fb0ca9_2021-01-13__023100109024._doc
-
Size
157KB
-
MD5
a300d77e6b8243d0e226ee2fddc867f6
-
SHA1
4f56f328a9090f27f975007c01f3111593103db9
-
SHA256
d22d7440cc55189d7d805520a53cedb9041f18b97d3a1bfb652a611fc4fb0ca9
-
SHA512
79c46474add4eb9e9998e15719880855b931979cc3b0d2cfec3a36bc6e0c7b9d85aeb4f9397051ffd613511b47e1c8f9476b8bc4a3d62c6a2a76217e0027a235
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-