General
Static task
static1
URLScan task
urlscan1
Sample
http://tentandoserfitness.000webhostapp.com/wp-admin/invoice/ehn410274214523502210vlbxohwp4//
Malware Config
Extracted
Language
ps1
Source
URLs
Targets
Target
http://tentandoserfitness.000webhostapp.com/wp-admin/invoice/ehn410274214523502210vlbxohwp4//
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Emotet Payload
  Detects Emotet payload in memory.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Drops file in System32 directory