General
-
Target
d302c01c562bbf6bfeb3d4eeae3d9d806a95b8aca9fd76eb06e13a56331543b9.xls
-
Size
217KB
-
Sample
221104-bwyensbgcn
-
MD5
1b9775c1e1457365da67dd59ddeb25d1
-
SHA1
f9078f45cd91b1701e364b0a6cd45faef45b8036
-
SHA256
d302c01c562bbf6bfeb3d4eeae3d9d806a95b8aca9fd76eb06e13a56331543b9
-
SHA512
cdaecc9aaf435421d639226420e8803b4d85b1a775b3fb1491753abb6c4a379aa57d9dfd07c3ca2f521ddc0f49a55505aeb941b2c0b5c87071927b3756b8b09f
-
SSDEEP
6144:zKpb8rGYrMPe3q7Q0XV5xtuEsi8/dglyY+TAQXTHGUMEyP5p6f5jQm7lnT:1bGUMVWlbN
Malware Config
Extracted
http://app.clubdedocentes.com/storage/DCcq9ekgH99sI/
http://linhkiendoc.com/app/payments/qoy5JqpLqrbsKl/
http://sourcecool.com/throng/iOD/
Extracted
emotet
Epoch4
45.235.8.30:8080
94.23.45.86:4143
119.59.103.152:8080
169.60.181.70:8080
164.68.99.3:8080
172.105.226.75:8080
107.170.39.149:8080
206.189.28.199:8080
1.234.2.232:8080
188.44.20.25:443
186.194.240.217:443
103.43.75.120:443
149.28.143.92:443
159.89.202.34:443
209.97.163.214:443
183.111.227.137:8080
129.232.188.93:443
139.59.126.41:443
110.232.117.186:8080
139.59.56.73:8080
Targets
-
-
Target
d302c01c562bbf6bfeb3d4eeae3d9d806a95b8aca9fd76eb06e13a56331543b9.xls
-
Size
217KB
-
MD5
1b9775c1e1457365da67dd59ddeb25d1
-
SHA1
f9078f45cd91b1701e364b0a6cd45faef45b8036
-
SHA256
d302c01c562bbf6bfeb3d4eeae3d9d806a95b8aca9fd76eb06e13a56331543b9
-
SHA512
cdaecc9aaf435421d639226420e8803b4d85b1a775b3fb1491753abb6c4a379aa57d9dfd07c3ca2f521ddc0f49a55505aeb941b2c0b5c87071927b3756b8b09f
-
SSDEEP
6144:zKpb8rGYrMPe3q7Q0XV5xtuEsi8/dglyY+TAQXTHGUMEyP5p6f5jQm7lnT:1bGUMVWlbN
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Adds Run key to start application
-