General
-
Target
송장-171827.doc
-
Size
164KB
-
Sample
210129-ej83cc3yhx
-
MD5
cca2eb43e9ac9ce0b850601db0c8a9dd
-
SHA1
1efa00d6971122dfe4e916282085e1e4ca0eeb86
-
SHA256
b2de95f9cba002fd980b4edb6ca033c5c200f4f1cea9d7a7315cfa4801e514e0
-
SHA512
1d3c28189386daaa494ab871c7a534b4054ddd3fb91a60a5baf8abc6c961fd34c880feac43b806bbb64fa46588faba5b6f2c15879d355b5d810b24d6b91e8005
Malware Config
Extracted
http://qingniatouzi.com/wp-includes/Z4TFME0/
http://chenqiaorong007.com/wp-content/inh1Q4eFMT/
http://bestcartdeal.com/wp-content/U12BbGPx2v/
https://hredoybangladesh.com/3948708181/l7/
https://washcolsc.com/wp-admin/gRIWZ/
https://aqnym.top/wp-login/9ZvtYaLyhg/
Extracted
emotet
Epoch3
132.248.38.158:80
203.157.152.9:7080
157.245.145.87:443
110.37.224.243:80
70.32.89.105:8080
185.142.236.163:443
192.241.220.183:8080
91.83.93.103:443
54.38.143.245:8080
192.210.217.94:8080
37.205.9.252:7080
78.90.78.210:80
182.73.7.59:8080
163.53.204.180:443
91.75.75.46:80
172.104.46.84:8080
161.49.84.2:80
27.78.27.110:443
203.160.167.243:80
109.99.146.210:8080
Targets
-
-
Target
송장-171827.doc
-
Size
164KB
-
MD5
cca2eb43e9ac9ce0b850601db0c8a9dd
-
SHA1
1efa00d6971122dfe4e916282085e1e4ca0eeb86
-
SHA256
b2de95f9cba002fd980b4edb6ca033c5c200f4f1cea9d7a7315cfa4801e514e0
-
SHA512
1d3c28189386daaa494ab871c7a534b4054ddd3fb91a60a5baf8abc6c961fd34c880feac43b806bbb64fa46588faba5b6f2c15879d355b5d810b24d6b91e8005
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-