General
-
Target
Docs_0198cd350b8be7a6eac9439badbf6ee6.1
-
Size
183KB
-
Sample
191220-zvx3r4cedj
-
MD5
0198cd350b8be7a6eac9439badbf6ee6
-
SHA1
091e0de839c438ec0d65d035ffdc0d620d8e2e6f
-
SHA256
07519f4d0537e18fc8ff259b5caaedf93617cc90aefc91a51b8cfd75c656126d
-
SHA512
1d1233de4e4f98ec2850d6258baa755cb4b60a28b4cef415e4ac5293677a63762f5c5b0911ce798b4169fb876ff49c8a1fb4ffc2cee676161c48c5ea87975d66
Task
task1
Sample
Docs_0198cd350b8be7a6eac9439badbf6ee6.1.doc
Resource
win7v191014
Malware Config
Extracted
http://dejavugroup.com/wp-content/JTjHLbr/
http://dev7.developmentviewer.com/wp-admin/SYSQOx/
http://krishna-graphics.com/wp-admin/11x12xd-nobh27two-82927918/
http://laboratoriosanfrancisco1988.com/9rlkyc/Ccvvezsv/
http://lanyuewp.com/electrician/ig9eu0g-4q1oml1qc1-749166/
Extracted
emotet
Epoch3
98.178.241.106:80
190.171.153.139:80
179.5.118.12:8080
45.79.75.232:8080
124.150.175.133:80
164.68.115.146:8080
5.189.148.98:8080
46.105.128.215:8080
67.254.196.78:443
95.216.207.86:7080
181.46.176.38:80
98.15.140.226:80
217.12.70.226:80
115.179.91.58:80
41.190.148.90:80
162.144.46.90:8080
211.218.105.101:80
212.129.14.27:8080
120.51.83.89:443
200.41.121.69:443
81.82.247.216:80
138.197.140.163:8080
190.5.162.204:80
85.109.190.235:443
216.75.37.196:8080
41.77.74.214:443
86.6.123.109:80
203.160.173.202:80
211.48.165.9:443
158.69.167.246:8080
46.17.6.116:8080
24.27.122.202:80
177.103.240.93:80
110.142.161.90:80
108.184.9.44:80
46.105.131.68:8080
211.42.204.154:80
37.59.24.25:8080
89.215.225.15:80
23.253.207.142:8080
190.38.252.45:443
50.116.78.109:8080
94.203.236.122:80
86.70.224.211:80
174.57.150.13:8080
37.70.131.107:80
156.155.163.232:80
212.112.113.235:80
85.235.219.74:80
51.77.113.97:8080
78.46.87.133:8080
200.71.112.158:53
201.196.15.79:990
190.161.67.63:80
112.186.195.176:80
82.146.55.23:7080
78.187.204.70:80
188.230.134.205:80
189.61.200.9:443
195.250.143.182:80
37.46.129.215:8080
185.244.167.25:443
58.93.151.148:80
66.229.161.86:443
100.38.11.243:80
92.16.222.156:80
175.127.140.68:80
201.183.251.100:80
59.158.164.66:443
175.103.239.50:80
203.153.216.178:7080
154.120.227.190:443
124.150.175.129:8080
51.38.134.203:8080
72.27.212.209:8080
210.224.65.117:80
128.92.54.20:80
91.117.31.181:80
69.30.205.162:7080
142.93.87.198:8080
78.186.102.195:80
210.171.146.118:80
177.144.130.105:443
178.134.1.238:80
189.225.211.171:443
190.93.210.113:80
220.78.29.88:80
165.100.148.200:8080
72.51.153.27:80
95.216.212.157:8080
191.100.24.201:50000
187.250.92.82:80
58.185.224.18:80
217.181.139.237:443
83.156.88.159:80
221.154.59.110:80
82.79.244.92:80
197.94.32.129:8080
181.167.35.84:80
42.51.192.231:8080
113.52.135.33:7080
190.17.94.108:443
192.210.217.94:8080
190.47.236.83:80
176.58.93.123:80
95.9.217.200:8080
139.59.12.63:8080
96.234.38.186:8080
82.165.15.188:8080
193.33.38.208:443
88.247.26.78:80
87.9.181.247:80
86.98.157.3:80
192.161.190.171:8080
110.2.118.164:80
95.255.140.89:443
41.111.190.94:80
163.172.97.112:8080
186.84.173.136:8080
210.111.160.220:80
182.176.116.139:995
172.104.70.207:8080
24.28.178.71:80
190.101.87.170:80
192.241.220.183:8080
91.117.131.122:80
69.14.208.221:80
Targets
-
-
Target
Docs_0198cd350b8be7a6eac9439badbf6ee6.1
-
Size
183KB
-
MD5
0198cd350b8be7a6eac9439badbf6ee6
-
SHA1
091e0de839c438ec0d65d035ffdc0d620d8e2e6f
-
SHA256
07519f4d0537e18fc8ff259b5caaedf93617cc90aefc91a51b8cfd75c656126d
-
SHA512
1d1233de4e4f98ec2850d6258baa755cb4b60a28b4cef415e4ac5293677a63762f5c5b0911ce798b4169fb876ff49c8a1fb4ffc2cee676161c48c5ea87975d66
-
Process spawned unexpected child process
-
Executes dropped EXE
-
Drops file in System32 directory
-