General
-
Target
30e0ed6edf9874c15a0e38f53fac2921
-
Size
172KB
-
Sample
210126-5vegskzkyj
-
MD5
30e0ed6edf9874c15a0e38f53fac2921
-
SHA1
f44044e601a6f3842b0156f330127883e0653e5c
-
SHA256
c769352bc206024ba5ad8d61738498f292708619344d692ff85de43cb326cb52
-
SHA512
369ee01a40aef7bac882d0329a35460caffb984d00c88dfd57f1c4407cba5134d7981ec73ba725df6710ef3e5456a33d3fcf584269dd24c7191ec1791306c5b7
Malware Config
Extracted
http://www.escalierconsulting.com/wp-includes/I/
http://aecotimes.com/wp-admin/44Z/
http://rakikuma.com/cgi-bin/K/
http://de.letscompareonline.com/cgi-bin/ztEE/
http://haumaguerraevoceoalvo.com.br/wp-includes/0Hm/
http://paulomarciotrp.com/z/y/
https://njyp.com/wp-content/Nz/1/
Extracted
emotet
Epoch2
69.38.130.14:80
195.159.28.230:8080
162.241.204.233:8080
181.165.68.127:80
49.205.182.134:80
190.251.200.206:80
139.59.60.244:8080
119.59.116.21:8080
89.216.122.92:80
185.94.252.104:443
70.92.118.112:80
78.24.219.147:8080
173.70.61.180:80
87.106.139.101:8080
66.57.108.14:443
24.179.13.119:80
121.124.124.40:7080
61.19.246.238:443
200.116.145.225:443
93.146.48.84:80
Targets
-
-
Target
30e0ed6edf9874c15a0e38f53fac2921
-
Size
172KB
-
MD5
30e0ed6edf9874c15a0e38f53fac2921
-
SHA1
f44044e601a6f3842b0156f330127883e0653e5c
-
SHA256
c769352bc206024ba5ad8d61738498f292708619344d692ff85de43cb326cb52
-
SHA512
369ee01a40aef7bac882d0329a35460caffb984d00c88dfd57f1c4407cba5134d7981ec73ba725df6710ef3e5456a33d3fcf584269dd24c7191ec1791306c5b7
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-