General
-
Target
dcc6409e704780116523a3e6ca35edf1399b381568d26b6d0373d1d9e00be491
-
Size
46KB
-
Sample
220401-ca2qmscea8
-
MD5
969869a41c8f52fc0853eaaba007be0f
-
SHA1
7d1c58a56647a9f3ede204d60fa0e6813d1ad8d1
-
SHA256
dcc6409e704780116523a3e6ca35edf1399b381568d26b6d0373d1d9e00be491
-
SHA512
c4a1a7ff06d4b59ed39640ca213bc1640907b304b613e47b9fe3561cd7caf6acb4f0c9a0fe19c9bb79b86dcbcae51bebec1831c732396cb1294b2860bd387c86
Malware Config
Extracted
http://eles-tech.com/css/KzMysMqFMs/
http://gonorthhalifax.com/wp-content/yTmYyLbTKZV2czsUO/
https://txpcrescue.com/cgi-bin/5tSO8/
http://hadramout21.com/jetpack-temp/Py/
http://haribuilders.com/zoombox-master/4HYGX/
http://hansen-arnal.com/cp/iiTrAeEtvOwmjjekWgI/
Extracted
http://eles-tech.com/css/KzMysMqFMs/
Extracted
emotet
Epoch4
68.183.94.239:80
104.131.11.205:443
138.197.109.175:8080
187.84.80.182:443
79.143.187.147:443
216.158.226.206:443
167.99.115.35:8080
212.24.98.99:8080
1.234.21.73:7080
206.189.28.199:8080
158.69.222.101:443
164.68.99.3:8080
188.44.20.25:443
185.157.82.211:8080
134.122.66.193:8080
196.218.30.83:443
72.15.201.15:8080
5.9.116.246:8080
176.104.106.96:8080
153.126.146.25:7080
Targets
-
-
Target
dcc6409e704780116523a3e6ca35edf1399b381568d26b6d0373d1d9e00be491
-
Size
46KB
-
MD5
969869a41c8f52fc0853eaaba007be0f
-
SHA1
7d1c58a56647a9f3ede204d60fa0e6813d1ad8d1
-
SHA256
dcc6409e704780116523a3e6ca35edf1399b381568d26b6d0373d1d9e00be491
-
SHA512
c4a1a7ff06d4b59ed39640ca213bc1640907b304b613e47b9fe3561cd7caf6acb4f0c9a0fe19c9bb79b86dcbcae51bebec1831c732396cb1294b2860bd387c86
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Drops file in System32 directory
-