9e4e5949a37f75d6982aac9b092694911ce63a2c0bdda51d4a4e318d655f72a2

General
Target

9e4e5949a37f75d6982aac9b092694911ce63a2c0bdda51d4a4e318d655f72a2

Size

83KB

Sample

220115-bksp2scban

Score
10 /10
MD5

eb2f7e56b9c22e7c0e9725e112f50b8c

SHA1

b6ed272fc37059692c2483c9cce08f28664dc5fa

SHA256

9e4e5949a37f75d6982aac9b092694911ce63a2c0bdda51d4a4e318d655f72a2

SHA512

50703344c7af4e3e97f3c6479a6c84398a18e224322da71c619406f522a75b95a049b2d0b11767c27fbe5da514dae908db6e1abe36b97decc2b3bd9da1dffdb3

Malware Config

Extracted

Language xlm4.0
Source
URLs
xlm40.dropper

http://recont.com/n8xbqb/lwEORjcJYPKCNQ/

xlm40.dropper

http://dichnghiatienganh.com/jvmqawn/2mdbSTjM1Lg/

xlm40.dropper

https://www.moharrampartners.com/requestion/wiA/

Extracted

Language xlm4.0
Source
URLs
xlm40.dropper

http://recont.com/n8xbqb/lwEORjcJYPKCNQ/

Targets
Target

9e4e5949a37f75d6982aac9b092694911ce63a2c0bdda51d4a4e318d655f72a2

MD5

eb2f7e56b9c22e7c0e9725e112f50b8c

Filesize

83KB

Score
10/10
SHA1

b6ed272fc37059692c2483c9cce08f28664dc5fa

SHA256

9e4e5949a37f75d6982aac9b092694911ce63a2c0bdda51d4a4e318d655f72a2

SHA512

50703344c7af4e3e97f3c6479a6c84398a18e224322da71c619406f522a75b95a049b2d0b11767c27fbe5da514dae908db6e1abe36b97decc2b3bd9da1dffdb3

Tags

Signatures

  • Process spawned unexpected child process

    Description

    This typically indicates the parent process was compromised via an exploit or macro.

  • suricata: ET MALWARE W32/Emotet CnC Beacon 3

    Description

    suricata: ET MALWARE W32/Emotet CnC Beacon 3

    Tags

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Drops file in System32 directory

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        8/10

                        behavioral1

                        10/10

                        behavioral2

                        10/10