General
Target: emotet_e2_9e2c5e3ffc4db3771082aa0ed3a6c30821f0545c540f6541d087d1e65e733cde_2021-01-22__152151450425._doc
Size: 173KB
Sample: 210122-21j687x5ws
MD5: 9a3b265f3bf4dd82fd9348d63fba41e7
SHA1: c6560ede13093791a8dbe8e74b731d58238c3028
SHA256: 9e2c5e3ffc4db3771082aa0ed3a6c30821f0545c540f6541d087d1e65e733cde
SHA512: e399728ef41f76ea089d467f8511a24ffa65ce11143576ea205c6b12ad6595e27a4009ae9eb6d22a4514b8ea79c95b3c709f9ecc723eae498755a8b635aab318
Behavioral task
behavioral1
Sample: emotet_e2_9e2c5e3ffc4db3771082aa0ed3a6c30821f0545c540f6541d087d1e65e733cde_2021-01-22__152151450425._doc.doc
Resource: win10v20201028
Malware Config
Extracted
Targets
Target: emotet_e2_9e2c5e3ffc4db3771082aa0ed3a6c30821f0545c540f6541d087d1e65e733cde_2021-01-22__152151450425._doc
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Loads dropped DLL

Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.