General
-
Target
9e4e5949a37f75d6982aac9b092694911ce63a2c0bdda51d4a4e318d655f72a2
-
Size
83KB
-
Sample
220115-bksp2scban
-
MD5
eb2f7e56b9c22e7c0e9725e112f50b8c
-
SHA1
b6ed272fc37059692c2483c9cce08f28664dc5fa
-
SHA256
9e4e5949a37f75d6982aac9b092694911ce63a2c0bdda51d4a4e318d655f72a2
-
SHA512
50703344c7af4e3e97f3c6479a6c84398a18e224322da71c619406f522a75b95a049b2d0b11767c27fbe5da514dae908db6e1abe36b97decc2b3bd9da1dffdb3
Malware Config
Extracted
http://recont.com/n8xbqb/lwEORjcJYPKCNQ/
http://dichnghiatienganh.com/jvmqawn/2mdbSTjM1Lg/
https://www.moharrampartners.com/requestion/wiA/
Extracted
http://recont.com/n8xbqb/lwEORjcJYPKCNQ/
Targets
-
-
Target
9e4e5949a37f75d6982aac9b092694911ce63a2c0bdda51d4a4e318d655f72a2
-
Size
83KB
-
MD5
eb2f7e56b9c22e7c0e9725e112f50b8c
-
SHA1
b6ed272fc37059692c2483c9cce08f28664dc5fa
-
SHA256
9e4e5949a37f75d6982aac9b092694911ce63a2c0bdda51d4a4e318d655f72a2
-
SHA512
50703344c7af4e3e97f3c6479a6c84398a18e224322da71c619406f522a75b95a049b2d0b11767c27fbe5da514dae908db6e1abe36b97decc2b3bd9da1dffdb3
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
suricata: ET MALWARE W32/Emotet CnC Beacon 3
suricata: ET MALWARE W32/Emotet CnC Beacon 3
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Drops file in System32 directory
-