https://app.any.run/tasks/1dbada1b-41f0-4f11-bc39-87556d59bd13/ (reposted)
https://any.run/report/391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d/1dbada1b-41f0-4f11-bc39-87556d59bd13 (text report resource)
Lanzou Cloud: https://www.lanzoux.com/iPovrfdohnc
IOC:
- Main object: "Form - Aug 07, 2020.doc"
  - sha256 391ce14153952b5334532f0ac319f2060a8e5e52abfd4c0375db58043bbe800d
  - sha1 2e8b35cf8724e0613711d88a231659ff24749f7b
  - md5 d92ccd2735da44554dad9bb874ae0e13
- Dropped executable file: C:\Users\admin\AppData\Local\SystemPropertiesPerformance\avifile.exe
  - sha256 d6a825dc44e746b0d2875efc35bed8af51cd1fe3b5df6063c5da09d4c4f81045
- DNS requests
  - domain mersia.com
- Connections
  - ip 219.240.39.215
  - ip 47.146.32.175
- HTTP/HTTPS requests
  - url http://47.146.32.175/SCOesTZ1zSnranOm6g/
TEXT REPORT:
- General Info
  - File name: Form - Aug 07, 2020.doc
  - Full analysis: https://app.any.run/tasks/1dbada1b-41f0-4f11-bc39-87556d59bd13
  - Verdict: Malicious activity
  - Threats: Emotet
    - Emotet is one of the most dangerous trojans to have been created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns.
  - Analysis date: 8/7/2020, 09:15:32
  - OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
  - Tags: macros macros-on-open generated-doc emotet-doc emotet trojan
- Indicators:
  - MIME: application/msword
  - File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: Sit., Author: Lola Maillard, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu Aug 6 23:34:00 2020, Last Saved Time/Date: Thu Aug 6 23:34:00 2020, Number of Pages: 1, Number of Words: 3, Number of Characters: 19, Security: 0
  - MD5: D92CCD2735DA44554DAD9BB874AE0E13
  - SHA1: 2E8B35CF8724E0613711D88A231659FF24749F7B
  - SHA256: 391CE14153952B5334532F0AC319F2060A8E5E52ABFD4C0375DB58043BBE800D
  - SSDEEP: 3072:K4PRXCUQUVPZM4BKIAMQGALS6IWZ4HSRAWLQRB:RDRV1M4BNQGISJBHSRAWLQRB