General
-
Target
9406991950efaebb87aff68e0d3573fd59655678366a5940956c37b25d02226a.xlsm
-
Size
56KB
-
Sample
220312-lzmgpabcd2
-
MD5
85cd152bb0ff67e1645c1dc9d6ddf576
-
SHA1
a7223037d9832b2d735660578dc9b117d44229c6
-
SHA256
9406991950efaebb87aff68e0d3573fd59655678366a5940956c37b25d02226a
-
SHA512
0c6c187731343a3912d45552145ea06b926d9d5e8e214d37ce7223990b7d286a76ef1e37e9a71e7558e2d6f98df70463dcb1ba112adbc692941116f96419c3bc
Behavioral task
behavioral1
Sample
9406991950efaebb87aff68e0d3573fd59655678366a5940956c37b25d02226a.xlsm
Resource
win10-20220223-en
Malware Config
Extracted
http://blog.centerking.top/wp-admin/Ag4ORi0VN7riBwCSvvZ/
https://lucrecomconforto.com.br/zkxr/Wx1iq9PLeB5jBgb/
http://academiasuccesului.ro/parteneri/VbtNt/
http://melekler.atspace.cc/tests/JZm4UmD/
http://acerestoration.co.za/wp-admin/QKDLZ/
http://loko-architecten.nl/8606935E6826FD13AB6F770AA9FB41A6/HYTBhMFhi3bJ7/
https://sorteiovipbrasil.com.br/mkii-drum/gud2j4vtiyIC/
Extracted
http://blog.centerking.top/wp-admin/Ag4ORi0VN7riBwCSvvZ/
Extracted
emotet
Epoch5
51.75.33.122:443
186.250.48.5:80
168.119.39.118:443
207.148.81.119:8080
194.9.172.107:8080
139.196.72.155:8080
78.47.204.80:443
159.69.237.188:443
45.71.195.104:8080
54.37.106.167:8080
185.168.130.138:443
37.44.244.177:8080
185.184.25.78:8080
185.148.168.15:8080
128.199.192.135:8080
37.59.209.141:8080
103.41.204.169:8080
185.148.168.220:8080
103.42.58.120:7080
78.46.73.125:443
68.183.93.250:443
190.90.233.66:443
5.56.132.177:8080
62.171.178.147:8080
196.44.98.190:8080
168.197.250.14:80
66.42.57.149:443
59.148.253.194:443
104.131.62.48:8080
191.252.103.16:80
54.37.228.122:443
88.217.172.165:8080
195.77.239.39:8080
116.124.128.206:8080
93.104.209.107:8080
118.98.72.86:443
217.182.143.207:443
87.106.97.83:7080
210.57.209.142:8080
54.38.242.185:443
195.154.146.35:443
203.153.216.46:443
198.199.98.78:8080
85.214.67.203:8080
Targets
-
-
Target
9406991950efaebb87aff68e0d3573fd59655678366a5940956c37b25d02226a.xlsm
-
Size
56KB
-
MD5
85cd152bb0ff67e1645c1dc9d6ddf576
-
SHA1
a7223037d9832b2d735660578dc9b117d44229c6
-
SHA256
9406991950efaebb87aff68e0d3573fd59655678366a5940956c37b25d02226a
-
SHA512
0c6c187731343a3912d45552145ea06b926d9d5e8e214d37ce7223990b7d286a76ef1e37e9a71e7558e2d6f98df70463dcb1ba112adbc692941116f96419c3bc
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Drops file in System32 directory
-