General
-
Target
SecuriteInfo.com.Exploit.Siggen2.11929.5227.9410
-
Size
168KB
-
Sample
200801-2dp52555en
-
MD5
9818d6a4e594ec8dff03c6fd4115d3fc
-
SHA1
a0914b69782965ba17fbdf6a26f3a261d368e60e
-
SHA256
b788c3eb69332103a2934da12e1a1675bdda621b08a33cd5f6dca0c6980c18c3
-
SHA512
caccb715aaa2ddadf315f7ec072f898fcd05cd257580c359d41162eeedfeef1d50fb2b5c89a749ad39f4f325e1b66c03a4321652a3bd02b7f1c11293cf57a5ee
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.Siggen2.11929.5227.9410.doc
Resource
win7
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.Siggen2.11929.5227.9410.doc
Resource
win10
Malware Config
Extracted
http://yeichner.com/old/iyv0hf8926444/
http://ensource.co.uk/EAYO10088k/32eMeaoiq7963578/
http://withdrake.com/stacymgreen/etqjdgf4343351/
http://spitzertech.net/wp-content/D9pmd93694/
http://www.giardinosullamaremma.it/wp-content/MnICFTr/
Extracted
emotet
Epoch3
201.235.10.215:80
198.57.203.63:8080
163.172.107.70:8080
172.105.78.244:8080
107.161.30.122:8080
203.153.216.182:7080
37.46.129.215:8080
201.214.108.231:80
178.33.167.120:8080
181.113.229.139:443
192.210.217.94:8080
24.157.25.203:80
94.96.60.191:80
157.7.164.178:8081
75.127.14.170:8080
189.146.1.78:443
190.164.75.175:80
192.241.220.183:8080
190.55.233.156:80
91.83.93.103:443
144.139.91.187:80
87.106.231.60:8080
140.207.113.106:443
139.59.12.63:8080
181.167.35.84:80
50.116.78.109:8080
74.208.173.91:8080
46.49.124.53:80
81.17.93.134:80
81.214.253.80:443
46.32.229.152:8080
41.185.29.128:8080
190.111.215.4:8080
216.75.37.196:8080
37.70.131.107:80
181.143.101.19:8080
115.79.195.246:80
192.163.221.191:8080
87.252.100.28:80
181.164.110.7:80
89.108.158.234:8080
105.209.239.55:80
181.134.9.162:80
185.142.236.163:443
195.201.56.70:8080
78.189.111.208:443
113.160.180.109:80
5.79.70.250:8080
37.208.106.146:8080
179.5.118.12:80
203.153.216.178:7080
177.144.130.105:443
75.139.38.211:80
177.37.81.212:443
77.74.78.80:443
78.188.170.128:80
212.156.133.218:80
113.161.148.81:80
46.105.131.68:8080
51.38.201.19:7080
143.95.101.72:8080
212.112.113.235:80
Targets
-
-
Target
SecuriteInfo.com.Exploit.Siggen2.11929.5227.9410
-
Size
168KB
-
MD5
9818d6a4e594ec8dff03c6fd4115d3fc
-
SHA1
a0914b69782965ba17fbdf6a26f3a261d368e60e
-
SHA256
b788c3eb69332103a2934da12e1a1675bdda621b08a33cd5f6dca0c6980c18c3
-
SHA512
caccb715aaa2ddadf315f7ec072f898fcd05cd257580c359d41162eeedfeef1d50fb2b5c89a749ad39f4f325e1b66c03a4321652a3bd02b7f1c11293cf57a5ee
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-