https://app.any.run/tasks/092ac3bd-dea6-4a39-85fa-8b4fe2d85ce2/ (reposted)
https://any.run/report/73e2caa408d07e0108e48b2636910a8894434b6f052b80a142eadc2b8e4390fe/092ac3bd-dea6-4a39-85fa-8b4fe2d85ce2 (text resource, curated)
Lanzou Cloud: https://www.lanzoux.com/imzgzfdoeri
IOC:
- Main object: "Details-08072020-Y92639.rtf"
- sha256 73e2caa408d07e0108e48b2636910a8894434b6f052b80a142eadc2b8e4390fe
- sha1 38d7fe7b67c4744b1ea129902da7c0c4f6079c5b
- md5 4861579583bcb0f4d404f666c248ef77
- Dropped executable file
- C:\Users\admin\AppData\Local\ExplorerFrame\FirewallControlPanel.exe sha256 a075e0bd7a368eca389880829c42b3e9922519e6a5a6a634fa4f1cc4cec6bf72
- DNS requests
- domain webstack.com.au
- Connections
- ip 198.74.50.152
- ip 82.76.111.249
- ip 116.125.120.88
- HTTP/HTTPS requests
- url http://webstack.com.au/wp-includes/U890802/
- url http://82.76.111.249:443/u1AgH1TI/lr87XX8aDGuybXk50ZA/vov8qxGyq/
- url http://116.125.120.88:443/kifP5GaZI13sDY/lvFrhGV6fcTsdRge6W/n9N4HUll/
TEXT REPORT:
- General Info
- File name
- Details-08072020-Y92639.rtf
- Full analysis https://app.any.run/tasks/092ac3bd-dea6-4a39-85fa-8b4fe2d85ce2
- Verdict Malicious activity
- Threats:
- Emotet
- Emotet is one of the most dangerous trojans to have been created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns.
- Analysis date 8/7/2020, 09:08:57
- OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
- Tags: macros macros-on-open emotet-doc emotet generated-doc loader trojan
- Indicators:
- MIME: application/msword
- File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: Et., Author: Thomas Rousseau, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu Aug 6 23:18:00 2020, Last Saved Time/Date: Thu Aug 6 23:18:00 2020, Number of Pages: 1, Number of Words: 5, Number of Characters: 29, Security: 0
- MD5
- 4861579583BCB0F4D404F666C248EF77
- SHA1
- 38D7FE7B67C4744B1EA129902DA7C0C4F6079C5B
- SHA256
- 73E2CAA408D07E0108E48B2636910A8894434B6F052B80A142EADC2B8E4390FE
- SSDEEP
- 3072:Z4PRXCUQUVPZM4BKIAMQGALSZLJUHWNYWPU/QK:MDRV1M4BNQGISTJUHWNYWPU/QK