General
-
Target
E2-20210125_0942
-
Size
172KB
-
Sample
210125-17j9vzs7tj
-
MD5
0ccb4f75ef19e618d216816a5282bd09
-
SHA1
7028d7080ce78804176cd1a14b3ceed1c9c374cc
-
SHA256
47b5048b9811c07120b3d72a7c46281cd98f12d807cbc75b70bf1d18925c6cc2
-
SHA512
c5a8d46a5cdc956309882075cdd292a7388ee08520e62fb0633a17a9a0d62f67782f0dd4218bd941920e00873014de2f635b0ed9df97db913edb54d4f29aba95
Malware Config
Extracted
http://www.escalierconsulting.com/wp-includes/I/
http://aecotimes.com/wp-admin/44Z/
http://rakikuma.com/cgi-bin/K/
http://de.letscompareonline.com/cgi-bin/ztEE/
http://haumaguerraevoceoalvo.com.br/wp-includes/0Hm/
http://paulomarciotrp.com/z/y/
https://njyp.com/wp-content/Nz/1/
Extracted
emotet
Epoch2
69.38.130.14:80
195.159.28.230:8080
162.241.204.233:8080
181.165.68.127:80
49.205.182.134:80
190.251.200.206:80
139.59.60.244:8080
119.59.116.21:8080
89.216.122.92:80
185.94.252.104:443
70.92.118.112:80
78.24.219.147:8080
173.70.61.180:80
87.106.139.101:8080
66.57.108.14:443
24.179.13.119:80
121.124.124.40:7080
61.19.246.238:443
200.116.145.225:443
93.146.48.84:80
Targets
-
-
Target
E2-20210125_0942
-
Size
172KB
-
MD5
0ccb4f75ef19e618d216816a5282bd09
-
SHA1
7028d7080ce78804176cd1a14b3ceed1c9c374cc
-
SHA256
47b5048b9811c07120b3d72a7c46281cd98f12d807cbc75b70bf1d18925c6cc2
-
SHA512
c5a8d46a5cdc956309882075cdd292a7388ee08520e62fb0633a17a9a0d62f67782f0dd4218bd941920e00873014de2f635b0ed9df97db913edb54d4f29aba95
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-