Resubmissions
16/05/2022, 21:27
220516-1axcxsdadq 10General
-
Target
XDK 002732.lnk
-
Size
2KB
-
Sample
220516-1axcxsdadq
-
MD5
dec2778e7c82c4c7d79e9dafd5974a50
-
SHA1
a2b1ea6a77f86435a2f5298fc06a3ed139dc404b
-
SHA256
4f49ad2d17845e9efc8ab9b205c88548de505324e1ee7b3ffb94996c8f13dde3
-
SHA512
6fd7b9bd3c928620ab6e414d2a1a3aeafe56aa329233df9a2e914446e7c54bb98a3bd73d2534b4aab7aff28a02574d6c41ef750aa8b1b1281e2820ee8ed7e133
Malware Config
Extracted
emotet
Epoch5
93.104.209.107:8080
195.154.146.35:443
202.134.4.210:7080
17.20.148.183:8907
185.148.168.220:8080
68.183.93.250:443
175.126.176.79:8080
77.31.27.120:26351
203.153.216.46:443
202.28.34.99:8080
210.57.209.142:8080
18.229.236.50:18850
36.67.23.59:443
159.69.237.188:443
107.22.159.198:7774
207.148.81.119:8080
54.38.143.246:7080
45.71.195.104:8080
108.159.107.249:48268
45.230.140.156:22366
Targets
-
-
Target
XDK 002732.lnk
-
Size
2KB
-
MD5
dec2778e7c82c4c7d79e9dafd5974a50
-
SHA1
a2b1ea6a77f86435a2f5298fc06a3ed139dc404b
-
SHA256
4f49ad2d17845e9efc8ab9b205c88548de505324e1ee7b3ffb94996c8f13dde3
-
SHA512
6fd7b9bd3c928620ab6e414d2a1a3aeafe56aa329233df9a2e914446e7c54bb98a3bd73d2534b4aab7aff28a02574d6c41ef750aa8b1b1281e2820ee8ed7e133
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
suricata: ET MALWARE W32/Emotet CnC Beacon 3
suricata: ET MALWARE W32/Emotet CnC Beacon 3
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-