General
-
Target
DOCUMENT_61.zip
-
Size
42KB
-
Sample
221109-v6fr6aagg8
-
MD5
1b0c2f9fe9db8a5b640ef208cdeae003
-
SHA1
95002150cd6d0da178aad86d3078cf8509d2e30b
-
SHA256
795277af201b985e77cc9cc41586e491f6736c2f9bb476a8e307725937ca1fb5
-
SHA512
0ffeb9883b9cc2357f8107a57bc2b54afa097d6acda74576633dfc2dd5a44addac68e41d8d33fb451eb1bc1d155bf004b665241d84cd6b90f36d73baa0fa4831
-
SSDEEP
768:sf9GvPqsv3ITcgZhRukWRUxiyeSkQR6OZ+frkKIpnhBtCV94s52XvN1VkGW:aGvZv3ITc49ICxeSvD8Dkblnto4s52vG
Behavioral task
behavioral1
Sample
DOCUMENT_61.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
DOCUMENT_61.xls
Resource
win10v2004-20220901-en
Malware Config
Extracted
http://yesdeko.com/app/mydLAE/
http://demo.cansunoto.com/lYqTuQ0qe5r2Y/JM1VqkOTTwt7Bvsu/
http://cultura.educad.pe/wp-content/Vy5ft0Rw/
http://nlasandbox3.com/backup/iCxLdPuH6tfxDQR2/
Extracted
emotet
Epoch5
178.238.225.252:8080
139.196.72.155:8080
36.67.23.59:443
103.56.149.105:8080
37.44.244.177:8080
85.25.120.45:8080
202.134.4.210:7080
78.47.204.80:443
83.229.80.93:8080
93.104.209.107:8080
80.211.107.116:8080
165.22.254.236:8080
104.244.79.94:443
185.148.169.10:8080
190.145.8.4:443
175.126.176.79:8080
139.59.80.108:8080
188.165.79.151:443
128.199.217.206:443
64.227.55.231:8080
218.38.121.17:443
103.71.99.57:8080
103.224.241.74:8080
128.199.242.164:8080
85.214.67.203:8080
103.254.12.236:7080
46.101.98.60:8080
178.62.112.199:8080
210.57.209.142:8080
195.77.239.39:8080
103.126.216.86:443
82.98.180.154:7080
202.28.34.99:8080
174.138.33.49:7080
160.16.143.191:8080
51.75.33.122:443
103.41.204.169:8080
186.250.48.5:443
87.106.97.83:7080
118.98.72.86:443
196.44.98.190:8080
103.85.95.4:8080
62.171.178.147:8080
54.37.228.122:443
114.79.130.68:443
198.199.70.22:8080
Targets
-
-
Target
DOCUMENT_61.xls
-
Size
91KB
-
MD5
c4a673c9512d203146d1fa215100ca9c
-
SHA1
4a4ab01a4ac4a7c83da4f264265c89beff881f95
-
SHA256
23e5c64fa6e92469a1965fa064aa9a913fb7992b49daedd7c1a9d46eeb9ce8ce
-
SHA512
195d758522e55e2ee1133c75d5a3692c6bd1ecf3ef2ef1337f367e94180880848f717980926d0f6d5932b4a078d64bc909ab53fad2d1d20aaef385844d242b4a
-
SSDEEP
1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dggbCXuZH4gb4CEn9J4ZsHM:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Adds Run key to start application
-