General
-
Target
Form.doc
-
Size
260KB
-
Sample
200213-yqeemxhn7a
-
MD5
c2b48d21764b195fb0ebbdd3d1bdd89a
-
SHA1
d8ca2aaba616f0281255a10634b6c4e17bb59336
-
SHA256
186ec909dc32c982ab4bd6b257bb25a2726df856d4cf6c829e06683c352c92b2
-
SHA512
c975a51bcf4cef1c345fcdadc59bd6b78ceeb96179b1c9621ef6070848f8452d8235b1d66223154edc7106cbe5d800e538a436c51e09f3828bf801849f740705
Malware Config
Extracted
http://adamwilt15.com/wp-content/INy1yG/
https://ansu.or.jp/wp-includes/Requests/wEX/
https://megafitsupplements.com/wp-admin/V5f4VC/
https://www.kaiwangdian.com/wp-includes/Hz/
https://vfxcool.com/wp-includes/Pkw/
Extracted
emotet
Epoch2
71.126.247.90:80
98.239.119.52:80
80.86.91.91:8080
104.236.28.47:8080
47.155.214.239:443
180.92.239.110:8080
87.106.136.232:8080
76.104.80.47:80
173.16.62.227:80
92.222.216.44:8080
47.153.183.211:80
74.130.83.133:80
47.156.70.145:80
110.36.217.66:8080
160.16.215.66:8080
200.116.145.225:443
181.13.24.82:80
24.94.237.248:80
5.32.55.214:80
31.172.240.91:8080
Targets
-
-
Target
Form.doc
-
Size
260KB
-
MD5
c2b48d21764b195fb0ebbdd3d1bdd89a
-
SHA1
d8ca2aaba616f0281255a10634b6c4e17bb59336
-
SHA256
186ec909dc32c982ab4bd6b257bb25a2726df856d4cf6c829e06683c352c92b2
-
SHA512
c975a51bcf4cef1c345fcdadc59bd6b78ceeb96179b1c9621ef6070848f8452d8235b1d66223154edc7106cbe5d800e538a436c51e09f3828bf801849f740705
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Modifies system certificate store
-
Drops file in System32 directory
-