General
-
Target
21cd95fb4f71525407b37a901590819a18d24ca48bd6b8f7170ff423e780dd4b
-
Size
106KB
-
Sample
220330-wkavfsfcc3
-
MD5
363e410baecdaa6ca488170ce8c5c9e2
-
SHA1
7654990566a8779110c4e67daad7ad6b0ddefc80
-
SHA256
21cd95fb4f71525407b37a901590819a18d24ca48bd6b8f7170ff423e780dd4b
-
SHA512
0a29e2e15db433126fa2b7cb6a2fb1051809b7a70fdf6d2409d02a065934d2f08e741eef1aa735f1ef656258061f76bca2fe53993388ab2f6128ccc92798d050
Malware Config
Extracted
https://www.gessersh.com/wp-includes/ZwQLepW/
http://www.garantihaliyikama.com/wp-admin/FjgB6I/
https://www.fantasticmotion.jp/_cnskin/qfWEQrrwBg/
http://dmcontabilidade.com/correspondentecaixa/TrS/
https://fcelik.nl/rittenregistratie/web/css/B3ILfU8Xk2SsEmT/
http://fanfield.co.uk/cgi-bin/7pp6DjWFNJXY8/
Extracted
https://www.gessersh.com/wp-includes/ZwQLepW/
Extracted
emotet
Epoch4
68.183.94.239:80
104.131.11.205:443
138.197.109.175:8080
187.84.80.182:443
79.143.187.147:443
216.158.226.206:443
167.99.115.35:8080
212.24.98.99:8080
1.234.21.73:7080
206.189.28.199:8080
158.69.222.101:443
164.68.99.3:8080
188.44.20.25:443
185.157.82.211:8080
134.122.66.193:8080
196.218.30.83:443
72.15.201.15:8080
5.9.116.246:8080
176.104.106.96:8080
153.126.146.25:7080
Targets
-
-
Target
21cd95fb4f71525407b37a901590819a18d24ca48bd6b8f7170ff423e780dd4b
-
Size
106KB
-
MD5
363e410baecdaa6ca488170ce8c5c9e2
-
SHA1
7654990566a8779110c4e67daad7ad6b0ddefc80
-
SHA256
21cd95fb4f71525407b37a901590819a18d24ca48bd6b8f7170ff423e780dd4b
-
SHA512
0a29e2e15db433126fa2b7cb6a2fb1051809b7a70fdf6d2409d02a065934d2f08e741eef1aa735f1ef656258061f76bca2fe53993388ab2f6128ccc92798d050
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-
Drops file in System32 directory
-