General
-
Target
emotet_e2_348589dcc9baac9db2ca407f614dca471a2e84aeb95798a2c8ca21bec4f7a60c_2021-01-17__090150478883._doc
-
Size
171KB
-
Sample
210117-gj28jmlld2
-
MD5
e46093481dc765f9be45bcc976edd82b
-
SHA1
c09bb809cb3282e23736b05c6a5efb78db1c84ed
-
SHA256
348589dcc9baac9db2ca407f614dca471a2e84aeb95798a2c8ca21bec4f7a60c
-
SHA512
100cbe00e7f4c6bb1ebc250b662a97367b1150fcbfc1c0d17ec9049ccd383a6fd1211fe1023f132e05491c3019873a89d2e5535d1fdbf7215e875e7d3ba2f0ae
Behavioral task
behavioral1
Sample
emotet_e2_348589dcc9baac9db2ca407f614dca471a2e84aeb95798a2c8ca21bec4f7a60c_2021-01-17__090150478883._doc.doc
Resource
win10v20201028
Malware Config
Extracted
https://remediis.com/t/gm2X/
http://avadnansahin.com/wp-includes/w/
http://solicon.us/allam-cycle-1c4gn/f5z/
http://www.riparazioni-radiotv.com/softaculous/DZz/
http://www.agricampeggiocortecomotto.it/wp-admin/s7p1/
https://www.starlingtechs.com/GNM/
http://hellas-darmstadt.de/cgi-bin/ZSoo/
Targets
-
-
Target
emotet_e2_348589dcc9baac9db2ca407f614dca471a2e84aeb95798a2c8ca21bec4f7a60c_2021-01-17__090150478883._doc
-
Size
171KB
-
MD5
e46093481dc765f9be45bcc976edd82b
-
SHA1
c09bb809cb3282e23736b05c6a5efb78db1c84ed
-
SHA256
348589dcc9baac9db2ca407f614dca471a2e84aeb95798a2c8ca21bec4f7a60c
-
SHA512
100cbe00e7f4c6bb1ebc250b662a97367b1150fcbfc1c0d17ec9049ccd383a6fd1211fe1023f132e05491c3019873a89d2e5535d1fdbf7215e875e7d3ba2f0ae
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-