General

  • Target

    emotet_e2_22daf06e652ce12909ea87e481c5c12a9ce86142fd53aa1e375b79263dbc45a9_2021-01-21__052713248113._fpx

  • Size

    164KB

  • Sample

    210121-zq61k9jqbe

  • MD5

    1dad9d166097fc0c0689ab59f42bc1a9

  • SHA1

    9a9f05633fb5fcdd722fa3f8a289e4f39bbe40b5

  • SHA256

    22daf06e652ce12909ea87e481c5c12a9ce86142fd53aa1e375b79263dbc45a9

  • SHA512

    28c6d944980adf139a827245c340e57a67241e524123bb526d89bc881f43e373d2f8fc27ccd422557dc24fc2dc3eb8210c55ad7fccfc70b92b4da80bd73b0304

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://trendmoversdubai.com/cgi-bin/B73/

exe.dropper

http://dryaquelingrdo.com/wp-content/SI/

exe.dropper

http://bardiastore.com/wp-admin/A1283/

exe.dropper

http://oxycode.net/wp-admin/x/

exe.dropper

http://fabulousstylz.net/248152296/TpI/

exe.dropper

http://abdo-alyemeni.com/wp-admin/seG6/

exe.dropper

http://giteslacolombiere.com/wp-admin/FV/

Targets

    • Target

      emotet_e2_22daf06e652ce12909ea87e481c5c12a9ce86142fd53aa1e375b79263dbc45a9_2021-01-21__052713248113._fpx

    • Size

      164KB

    • MD5

      1dad9d166097fc0c0689ab59f42bc1a9

    • SHA1

      9a9f05633fb5fcdd722fa3f8a289e4f39bbe40b5

    • SHA256

      22daf06e652ce12909ea87e481c5c12a9ce86142fd53aa1e375b79263dbc45a9

    • SHA512

      28c6d944980adf139a827245c340e57a67241e524123bb526d89bc881f43e373d2f8fc27ccd422557dc24fc2dc3eb8210c55ad7fccfc70b92b4da80bd73b0304

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

MITRE ATT&CK Enterprise v6

Tasks