General
-
Target
106.zip
-
Size
42KB
-
Sample
221109-2yj8yachb6
-
MD5
26741e7545261921b7b3b25ea146abf1
-
SHA1
1989d665a9afd8c9527b21348cd08bcb40c51c7a
-
SHA256
d82811f25dc0988f0d445cc1c99a8c96d4a2602ce80ce1a52a40cf7adc55c4c2
-
SHA512
0ba306c01f06c15162aa73e09be69548b0292685e80391858543525b46b7a7cc29ccd6d1eda4ccd7cf491b4f20414b93b092d94a8102035213cc5ff4b688efd6
-
SSDEEP
768:pcBr/czYKnk/fF56tB2DPO08utf3Gxaz2Cp8ghLIoqORuap1YdOv:pcBoUZd5SELO0BfGxGpfqa11YO
Behavioral task
behavioral1
Sample
106.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
106.xls
Resource
win10v2004-20220812-en
Malware Config
Extracted
http://fixoutlet.com/logs/OGlRuU/
http://www.cesasin.com.ar/administrator/viA95RR/
http://blacktequila.com.br/2fb62HWWoKi5nfEq2D/XB5VOAXZkhVhSKveYUV/
http://case.co.il/_js/dooigYa/
Extracted
emotet
Epoch5
178.238.225.252:8080
139.196.72.155:8080
36.67.23.59:443
103.56.149.105:8080
37.44.244.177:8080
85.25.120.45:8080
202.134.4.210:7080
78.47.204.80:443
83.229.80.93:8080
93.104.209.107:8080
80.211.107.116:8080
165.22.254.236:8080
104.244.79.94:443
185.148.169.10:8080
190.145.8.4:443
175.126.176.79:8080
139.59.80.108:8080
188.165.79.151:443
128.199.217.206:443
64.227.55.231:8080
218.38.121.17:443
103.71.99.57:8080
103.224.241.74:8080
128.199.242.164:8080
85.214.67.203:8080
103.254.12.236:7080
46.101.98.60:8080
178.62.112.199:8080
210.57.209.142:8080
195.77.239.39:8080
103.126.216.86:443
82.98.180.154:7080
202.28.34.99:8080
174.138.33.49:7080
160.16.143.191:8080
51.75.33.122:443
103.41.204.169:8080
186.250.48.5:443
87.106.97.83:7080
118.98.72.86:443
196.44.98.190:8080
103.85.95.4:8080
62.171.178.147:8080
54.37.228.122:443
114.79.130.68:443
198.199.70.22:8080
Targets
-
-
Target
106.xls
-
Size
91KB
-
MD5
23f51f65c070fa82d15215b42c581e66
-
SHA1
65e058c799d5f0548e0b711d729a65e5b0579ddc
-
SHA256
54bf698576f1e4c5e733e05e4dd7335deb621851f0b6a5c4bc2ec8ec8b6ed0e2
-
SHA512
e6e919c408d7c686604f5a78dd6aedf810bc4008f04240c0d43bab354b5cc17302191cb65a4ee6f725388558ddb9c72c2b77d7bb820a7d18c0f676cc1a788b24
-
SSDEEP
1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgIbCXuZH4gb4CEn9J4ZJhQvj:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgt
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Adds Run key to start application
-