General
-
Target
emotet_e2_e6ff49287012d58677f10aee8924f9f40ec2cbdc7ed836f090e195e593068cda_2021-01-22__163708864431._doc
-
Size
172KB
-
Sample
210122-dllr5abwxa
-
MD5
01c1ca40bc09f05995af00ac594e986a
-
SHA1
0377420c91853235af30677ec145cb232266a024
-
SHA256
e6ff49287012d58677f10aee8924f9f40ec2cbdc7ed836f090e195e593068cda
-
SHA512
d2df9f9f2ce941c92ea83bbf889a4ef888109fc0d94f6979c5f9ee107b4eefd5290e3fd4d43fc327cf871a1f5e5b1d329451a741a0b87a5b20dc6770cb6f4317
Malware Config
Extracted
http://coworkingplus.es/wp-admin/FxmME/
http://silkonbusiness.matrixinfotechsolution.com/js/q26/
https://bbjugueteria.com/s6kscx/Z/
https://www.bimception.com/wp-admin/sHy5t/
http://armakonarms.com/wp-includes/fz/
http://alugrama.com.mx/t/2/
http://homecass.com/wp-content/iF/
Targets
-
-
Target
emotet_e2_e6ff49287012d58677f10aee8924f9f40ec2cbdc7ed836f090e195e593068cda_2021-01-22__163708864431._doc
-
Size
172KB
-
MD5
01c1ca40bc09f05995af00ac594e986a
-
SHA1
0377420c91853235af30677ec145cb232266a024
-
SHA256
e6ff49287012d58677f10aee8924f9f40ec2cbdc7ed836f090e195e593068cda
-
SHA512
d2df9f9f2ce941c92ea83bbf889a4ef888109fc0d94f6979c5f9ee107b4eefd5290e3fd4d43fc327cf871a1f5e5b1d329451a741a0b87a5b20dc6770cb6f4317
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-