General
-
Target
8264945492.zip
-
Size
168KB
-
Sample
221104-rydfaagag3
-
MD5
a5257bd298d6edb935686a5a137feb7f
-
SHA1
e261f6a05231aa345bc282bcd0098f6a6a95f111
-
SHA256
42ccca454cbe9989d8928bc35868a90345944871dd607cdbf2c81c8f6b23b276
-
SHA512
cfb1c9b41cc0d68ef79435cf97b59807cd4dfb6c4beba22368b36f295bd50f3de0f28e11a63db445ef530320b8d703f9f8e22bf3e463b7ac9b9980a60dfe02d1
-
SSDEEP
3072:KV63DqeZHyEsv1czkgNYRUEz1sJgNLg5RnBeDVGkH5e8ZfRDeSuTA:KVmZS59cgjCK0ALgXQDwkHQ8Heg
Malware Config
Extracted
http://ftp.agir-santeinternationale.com/doctors/KAacngW97n4ApzVBDdGy/
http://www.vinyz.com/admin3693/BDFFgAZ6zBRumcUSG/
http://ly.yjlianyi.top/wp-admin/NRAdJ/
http://www.muyehuayi.com/cmp/Vtm2m7z88g/
Extracted
emotet
Epoch4
45.235.8.30:8080
94.23.45.86:4143
119.59.103.152:8080
169.60.181.70:8080
164.68.99.3:8080
172.105.226.75:8080
107.170.39.149:8080
206.189.28.199:8080
1.234.2.232:8080
188.44.20.25:443
186.194.240.217:443
103.43.75.120:443
149.28.143.92:443
159.89.202.34:443
209.97.163.214:443
183.111.227.137:8080
129.232.188.93:443
139.59.126.41:443
110.232.117.186:8080
139.59.56.73:8080
Targets
-
-
Target
b75282df33ca2b4187f6471fee300d981b4633c4378d3cca0f75638c6be8f021
-
Size
217KB
-
MD5
ebd96543510e58973ec7c9feb3e3edba
-
SHA1
b12b12e12e7f166274a4d22bd365fa6c1cea687f
-
SHA256
b75282df33ca2b4187f6471fee300d981b4633c4378d3cca0f75638c6be8f021
-
SHA512
db2634d933fa2684c75d2e07b8eab0813b9af47f0f1014191a65acbd8213ccdca5299cea6250948243c063497f94304dbac643488631aaa0d6cdb039c878e944
-
SSDEEP
6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgByY+TAQXTHGUMEyP5p6f5jQmY:wbGUMVWlbY
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Adds Run key to start application
-