General
-
Target
27950.xls
-
Size
221KB
-
Sample
221107-r337hacbe2
-
MD5
bab93d6ad3bb2f48f9a94a351ed286e5
-
SHA1
dc0990bf9de4f4fe61ae705a16fa5240d825b0ae
-
SHA256
cde22596b9fea502adfa8890f763f2a01b08cb1d4cb205d392f1ebcc486da04a
-
SHA512
067a58f327c10e2186920ab301d8c675a32ea040771122064abd4ea7605b1ce321126a2c81ac10ef7a6036fb7923c3a4921f4f159f72064505b62d49bae08fec
-
SSDEEP
6144:bKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgzmnaVGraWWqXqzzyd17O6t0RmUoBb:aXWWqazOd165Rmvb
Malware Config
Extracted
https://datie-tw.com/img/SvH/
http://central-nutrition.com/wp-content/Nh1L6YR4qlDFWS58cVB/
http://championsfactorysampaios.com.br/xt5HKu/tDs8WsKOxQFq/
https://dacsandongthapmuoi.vn/system/cron/HwOtNCFo/
Extracted
emotet
Epoch5
178.238.225.252:8080
139.196.72.155:8080
36.67.23.59:443
103.56.149.105:8080
37.44.244.177:8080
85.25.120.45:8080
202.134.4.210:7080
78.47.204.80:443
83.229.80.93:8080
93.104.209.107:8080
80.211.107.116:8080
165.22.254.236:8080
104.244.79.94:443
185.148.169.10:8080
190.145.8.4:443
175.126.176.79:8080
139.59.80.108:8080
188.165.79.151:443
128.199.217.206:443
64.227.55.231:8080
Targets
-
-
Target
27950.xls
-
Size
221KB
-
MD5
bab93d6ad3bb2f48f9a94a351ed286e5
-
SHA1
dc0990bf9de4f4fe61ae705a16fa5240d825b0ae
-
SHA256
cde22596b9fea502adfa8890f763f2a01b08cb1d4cb205d392f1ebcc486da04a
-
SHA512
067a58f327c10e2186920ab301d8c675a32ea040771122064abd4ea7605b1ce321126a2c81ac10ef7a6036fb7923c3a4921f4f159f72064505b62d49bae08fec
-
SSDEEP
6144:bKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgzmnaVGraWWqXqzzyd17O6t0RmUoBb:aXWWqazOd165Rmvb
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Adds Run key to start application
-