General
-
Target
Docs_ce0dbbcefdbfa0023395b5e11e31d2a2.71
-
Size
172KB
-
Sample
191210-g7xjlxl71j
-
MD5
ce0dbbcefdbfa0023395b5e11e31d2a2
-
SHA1
a90429e81423713838e009f165b96efb5fb297bb
-
SHA256
ad99c5c6a1b25fb1aa7e3803d11623a74abb080990d3dfe1e684397b77b019af
-
SHA512
8f6dd925b93677a5c240fabdcab9dfa3599a028630d7590693d9821099060acd0a4ff8eea4b8be470be692f9dcbaf0726a73e1a553364776d0ae59aeabe5a15b
Task
task1
Sample
Docs_ce0dbbcefdbfa0023395b5e11e31d2a2.71.doc
Resource
win7v191014
Malware Config
Extracted
http://bepeterson.futurismdemo.com/archive/y5o7/
http://www.gnc.happenizedev.com/backup/n99uf/
http://odoo-accounting.com/wp-includes/rest-api/search/R/
http://monoclepetes.com/disneyworldclassroom/sy52j7/
http://bakestories.com/0hikvh/Jm4QTsHwF/
Extracted
emotet
Epoch2
2.38.99.79:80
98.24.231.64:80
47.156.70.145:80
37.59.24.177:8080
66.34.201.20:7080
108.179.206.219:8080
45.56.88.91:443
206.189.112.148:8080
120.150.246.241:80
190.56.255.118:80
200.71.148.138:8080
192.241.255.77:8080
211.63.71.72:8080
190.53.135.159:21
183.102.238.69:465
108.191.2.72:80
107.170.24.125:8080
167.114.242.226:8080
91.73.197.90:80
178.209.71.63:8080
217.160.182.191:8080
45.51.40.140:80
189.209.217.49:80
128.65.154.183:443
91.205.215.66:8080
95.128.43.213:8080
190.12.119.180:443
62.75.187.192:8080
12.176.19.218:80
178.210.51.222:8080
87.230.19.21:8080
110.143.57.109:80
61.197.110.214:80
67.225.179.64:8080
74.105.102.97:8080
190.226.44.20:21
93.147.141.5:80
5.196.74.210:8080
212.64.171.206:80
173.13.135.102:80
190.147.215.53:22
201.184.105.242:443
78.24.219.147:8080
201.173.217.124:443
92.186.52.193:80
12.229.155.122:80
165.228.24.197:80
31.31.77.83:443
58.171.42.66:8080
181.31.213.158:8080
101.187.247.29:80
86.98.156.239:443
87.106.139.101:8080
181.57.193.14:80
116.48.142.21:443
164.68.101.171:80
176.31.200.130:8080
209.97.168.52:8080
46.105.131.87:80
24.45.193.161:7080
190.211.207.11:443
210.6.85.121:80
139.130.241.252:443
59.103.164.174:80
176.106.183.253:8080
66.76.63.99:80
92.222.216.44:8080
159.65.25.128:8080
206.81.10.215:8080
31.172.240.91:8080
212.186.191.177:80
195.244.215.206:80
209.141.54.221:8080
104.131.44.150:8080
37.157.194.134:443
107.2.2.28:80
50.116.86.205:8080
45.33.49.124:443
91.242.138.5:80
91.231.166.126:8080
100.14.117.137:80
188.152.7.140:80
80.11.163.139:21
144.139.247.220:80
182.176.132.213:8090
212.129.24.79:8080
110.142.38.16:80
167.71.10.37:8080
87.106.136.232:8080
1.33.230.137:80
104.131.11.150:8080
101.187.134.207:443
185.159.102.74:80
70.175.171.251:80
167.99.105.223:7080
104.236.246.93:8080
197.254.221.174:80
73.11.153.178:8080
149.202.153.252:8080
169.239.182.217:8080
5.88.182.250:80
165.227.156.155:443
173.70.81.77:80
91.187.80.246:80
186.75.241.230:80
200.7.243.108:443
83.136.245.190:8080
181.143.194.138:443
80.21.182.46:80
Targets
-
-
Target
Docs_ce0dbbcefdbfa0023395b5e11e31d2a2.71
-
Size
172KB
-
MD5
ce0dbbcefdbfa0023395b5e11e31d2a2
-
SHA1
a90429e81423713838e009f165b96efb5fb297bb
-
SHA256
ad99c5c6a1b25fb1aa7e3803d11623a74abb080990d3dfe1e684397b77b019af
-
SHA512
8f6dd925b93677a5c240fabdcab9dfa3599a028630d7590693d9821099060acd0a4ff8eea4b8be470be692f9dcbaf0726a73e1a553364776d0ae59aeabe5a15b
-
Executes dropped EXE
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-