68d39acfcd55c7009d5a0693e155af5101e16c3f7e865a143aeb10741d93a4c8

General

Target: 68d39acfcd55c7009d5a0693e155af5101e16c3f7e865a143aeb10741d93a4c8
Size: 83KB
Sample: 220115-b6hrzacbhm
Score: 10/10
MD5: 4f7df170dc3f0afd4c6de1371b6e46d5
SHA1: 0fcc0c1e8f9b496cbebdef3a71a3bb656f75b4ad
SHA256: 68d39acfcd55c7009d5a0693e155af5101e16c3f7e865a143aeb10741d93a4c8
SHA512: 800875ba9fe7a5ab814e8751963045670422e6282952736ef7e2c40d1f46fe3cccda6189a1991116e54c622c7dfdf6af4a9206dae45e3c136d3654c46bc1e591

Malware Config

Extracted

Language: xlm4.0
Source: xlm40.dropper
URLs:
  • http://mail.emilyanncain.com/cgi-bin/A7NT3ENvn/
  • https://wordpress.baishuweb.com/wp-includes/10q0ice6/
  • http://monorailegypt.com/wp-admin/6uBf9CCfZRMh/

Extracted

Language: xlm4.0
Source: xlm40.dropper
URLs:
  • http://mail.emilyanncain.com/cgi-bin/A7NT3ENvn/

Targets

Target: 68d39acfcd55c7009d5a0693e155af5101e16c3f7e865a143aeb10741d93a4c8
Filesize: 83KB
Score: 10/10
MD5: 4f7df170dc3f0afd4c6de1371b6e46d5
SHA1: 0fcc0c1e8f9b496cbebdef3a71a3bb656f75b4ad
SHA256: 68d39acfcd55c7009d5a0693e155af5101e16c3f7e865a143aeb10741d93a4c8
SHA512: 800875ba9fe7a5ab814e8751963045670422e6282952736ef7e2c40d1f46fe3cccda6189a1991116e54c622c7dfdf6af4a9206dae45e3c136d3654c46bc1e591

Signatures

  • Process spawned unexpected child process
    Description: This typically indicates the parent process was compromised via an exploit or macro.

  • suricata: ET MALWARE W32/Emotet CnC Beacon 3
    Description: suricata: ET MALWARE W32/Emotet CnC Beacon 3

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Drops file in System32 directory

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1: 8/10
  • behavioral1: 10/10
  • behavioral2: 10/10