General
-
Target
emotet_e2_51fae18ca6515a9154913bc82e245a72308b832eb47b5785a21beb0f0a34b07e_2021-01-21__070513243476._fpx
-
Size
164KB
-
Sample
210121-pwc9gd4b6j
-
MD5
8220bf1c2460fc3e6959e2c651512ffe
-
SHA1
2f14a5a80bfe839dbb2ff4066fa0dfed9e833dfb
-
SHA256
51fae18ca6515a9154913bc82e245a72308b832eb47b5785a21beb0f0a34b07e
-
SHA512
9716489b774db4c1080b6a46b832904545f11c463f29c24728356fb9c20e42ec9919006d156ada479fa40a6bff324ba4b25365aa196981f75b5f18cc0e62363b
Behavioral task
behavioral1
Sample
emotet_e2_51fae18ca6515a9154913bc82e245a72308b832eb47b5785a21beb0f0a34b07e_2021-01-21__070513243476._fpx.doc
Resource
win10v20201028
Malware Config
Extracted
http://trendmoversdubai.com/cgi-bin/B73/
http://dryaquelingrdo.com/wp-content/SI/
http://bardiastore.com/wp-admin/A1283/
http://oxycode.net/wp-admin/x/
http://fabulousstylz.net/248152296/TpI/
http://abdo-alyemeni.com/wp-admin/seG6/
http://giteslacolombiere.com/wp-admin/FV/
Targets
-
-
Target
emotet_e2_51fae18ca6515a9154913bc82e245a72308b832eb47b5785a21beb0f0a34b07e_2021-01-21__070513243476._fpx
-
Size
164KB
-
MD5
8220bf1c2460fc3e6959e2c651512ffe
-
SHA1
2f14a5a80bfe839dbb2ff4066fa0dfed9e833dfb
-
SHA256
51fae18ca6515a9154913bc82e245a72308b832eb47b5785a21beb0f0a34b07e
-
SHA512
9716489b774db4c1080b6a46b832904545f11c463f29c24728356fb9c20e42ec9919006d156ada479fa40a6bff324ba4b25365aa196981f75b5f18cc0e62363b
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-