General
-
Target
emotet_e2_22daf06e652ce12909ea87e481c5c12a9ce86142fd53aa1e375b79263dbc45a9_2021-01-21__052713248113._fpx
-
Size
164KB
-
Sample
210121-zq61k9jqbe
-
MD5
1dad9d166097fc0c0689ab59f42bc1a9
-
SHA1
9a9f05633fb5fcdd722fa3f8a289e4f39bbe40b5
-
SHA256
22daf06e652ce12909ea87e481c5c12a9ce86142fd53aa1e375b79263dbc45a9
-
SHA512
28c6d944980adf139a827245c340e57a67241e524123bb526d89bc881f43e373d2f8fc27ccd422557dc24fc2dc3eb8210c55ad7fccfc70b92b4da80bd73b0304
Malware Config
Extracted
http://trendmoversdubai.com/cgi-bin/B73/
http://dryaquelingrdo.com/wp-content/SI/
http://bardiastore.com/wp-admin/A1283/
http://oxycode.net/wp-admin/x/
http://fabulousstylz.net/248152296/TpI/
http://abdo-alyemeni.com/wp-admin/seG6/
http://giteslacolombiere.com/wp-admin/FV/
Targets
-
-
Target
emotet_e2_22daf06e652ce12909ea87e481c5c12a9ce86142fd53aa1e375b79263dbc45a9_2021-01-21__052713248113._fpx
-
Size
164KB
-
MD5
1dad9d166097fc0c0689ab59f42bc1a9
-
SHA1
9a9f05633fb5fcdd722fa3f8a289e4f39bbe40b5
-
SHA256
22daf06e652ce12909ea87e481c5c12a9ce86142fd53aa1e375b79263dbc45a9
-
SHA512
28c6d944980adf139a827245c340e57a67241e524123bb526d89bc881f43e373d2f8fc27ccd422557dc24fc2dc3eb8210c55ad7fccfc70b92b4da80bd73b0304
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-