General
-
Target
SecuriteInfo.com.Exploit.Siggen2.12917.8592.9111
-
Size
175KB
-
Sample
200801-x86th5ble2
-
MD5
84b4a3bdfd680dc3fde940f31a74dc97
-
SHA1
e0ca5c78044b5feee5e67dc4e74a7420d5705f05
-
SHA256
501948f523c9bce4662fe102da5d632e953fccc2f521565eabc8f424297a4f1f
-
SHA512
fbeac6eb5aefb96957026ffd95368ce9c6d7822dec96eb391983807d69a045d90c24bec19a3347f50626a669d4729033bafe0036b92e64152b71edeb251a67e8
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.Siggen2.12917.8592.9111.doc
Resource
win7
Malware Config
Extracted
http://jkncrew.com/cgi-bin/KhSO16ZAAf/
http://jmlandscapingservice.com/content/fhGAfKs/
http://jimlowry.com/dlqCTc01p/
http://www.lesliemontenegro.com/wp-includes/I1hHqDE6/
http://johnkeanestudios.com/r00t/vAWElRm/
Extracted
emotet
Epoch1
73.116.193.136:80
185.94.252.13:443
149.62.173.247:8080
89.32.150.160:8080
185.94.252.12:80
77.90.136.129:8080
83.169.21.32:7080
104.236.161.64:8080
114.109.179.60:80
189.2.177.210:443
68.183.190.199:8080
144.139.91.187:443
185.94.252.27:443
190.181.235.46:80
82.196.15.205:8080
46.28.111.142:7080
181.167.96.215:80
202.62.39.111:80
219.92.13.25:80
191.99.160.58:80
50.28.51.143:8080
172.104.169.32:8080
192.241.146.84:8080
82.240.207.95:443
80.249.176.206:80
2.47.112.152:80
212.231.60.98:80
77.55.211.77:8080
170.81.48.2:80
5.196.35.138:7080
143.0.87.101:80
190.6.193.152:8080
217.199.160.224:7080
187.162.248.237:80
93.151.186.85:80
177.74.228.34:80
204.225.249.100:7080
217.13.106.14:8080
51.255.165.160:8080
104.131.103.37:8080
177.72.13.80:80
190.163.31.26:80
186.70.127.199:8090
61.92.159.208:8080
12.162.84.2:8080
71.50.31.38:80
186.250.52.226:8080
92.23.34.86:80
177.144.135.2:80
201.213.156.176:80
190.147.137.153:443
94.176.234.118:443
181.129.96.162:8080
178.79.163.131:8080
111.67.12.221:8080
177.66.190.130:80
191.182.6.118:80
68.183.170.114:8080
177.73.0.98:443
203.25.159.3:8080
45.161.242.102:80
181.120.79.227:80
72.47.248.48:7080
177.139.131.143:443
189.194.58.119:80
137.74.106.111:7080
189.1.185.98:8080
190.194.242.254:443
190.17.195.202:80
192.241.143.52:8080
87.106.46.107:8080
212.71.237.140:8080
179.60.229.168:443
70.32.84.74:8080
70.32.115.157:8080
104.131.41.185:8080
Targets
-
-
Target
SecuriteInfo.com.Exploit.Siggen2.12917.8592.9111
-
Size
175KB
-
MD5
84b4a3bdfd680dc3fde940f31a74dc97
-
SHA1
e0ca5c78044b5feee5e67dc4e74a7420d5705f05
-
SHA256
501948f523c9bce4662fe102da5d632e953fccc2f521565eabc8f424297a4f1f
-
SHA512
fbeac6eb5aefb96957026ffd95368ce9c6d7822dec96eb391983807d69a045d90c24bec19a3347f50626a669d4729033bafe0036b92e64152b71edeb251a67e8
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-