General
Target: emotet_e2_2f36085ea2e5a9e6a5d22b533c206be9bb1d3c71ee4c910ae165e54b053c0ec3_2021-01-21__021935373467._fpx
Size: 166KB
Sample: 210121-lp164p1ha2
MD5: 1e3e4ee6133af5cf0ab7939b4e117f54
SHA1: 08be23456c71d75a5107348657e4df41a1350c34
SHA256: 2f36085ea2e5a9e6a5d22b533c206be9bb1d3c71ee4c910ae165e54b053c0ec3
SHA512: 50f4f762f716c408f4070e4fb4cc6276b4b1535bb0fed3bf7149e174f104b57f4bd9b4703ae9513198d086a331380cca07bc7ddaa14460b8081a97f4078eebe8
Behavioral task: behavioral1
Sample: emotet_e2_2f36085ea2e5a9e6a5d22b533c206be9bb1d3c71ee4c910ae165e54b053c0ec3_2021-01-21__021935373467._fpx.doc
Resource: win10v20201028
Malware Config: Extracted
Targets
Score: 10/10
Signatures:
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates physical storage devices: Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.