General
-
Target
1211.xls
-
Size
96KB
-
Sample
221113-ea1jpadd7w
-
MD5
61702e522745bf911053f505bd144d2e
-
SHA1
e0a4a67d3dae7af500c457117bcc97fc9e452efc
-
SHA256
4bbdeba86763e0ef1ef5a037b6a97a03fb37a44394773a5c8d6c126f12babc63
-
SHA512
5c3d7db6b0235a8698513e93d1f09384bc4d4483d5530e9a9262dacb73bd66179f29d666ae36f975004daa511229f49586cfddc09fa6821a68768cf7ff647cc0
-
SSDEEP
3072:PKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgnOmH4wbH5M:PKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgnw
Behavioral task
behavioral1
Sample
1211.xls
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
1211.xls
Resource
win10-20220812-en
Malware Config
Extracted
http://fromthetrenchesworldreport.com/analytics/ZY5ntk/
http://d4842.cp.irishdomains.com/issa/images/kbwwxkgV1akI2jW8ZKs/
http://erkaradyator.com.tr/Areas/Ar2lgC3yhtxBY/
http://forgione.com.ar/genealogia/dRBVyl/
Extracted
emotet
Epoch5
202.28.34.99:8080
80.211.107.116:8080
175.126.176.79:8080
218.38.121.17:443
139.196.72.155:8080
103.71.99.57:8080
87.106.97.83:7080
178.62.112.199:8080
64.227.55.231:8080
46.101.98.60:8080
54.37.228.122:443
128.199.217.206:443
190.145.8.4:443
209.239.112.82:8080
85.214.67.203:8080
198.199.70.22:8080
128.199.242.164:8080
178.238.225.252:8080
103.85.95.4:8080
103.126.216.86:443
104.244.79.94:443
36.67.23.59:443
37.44.244.177:8080
160.16.143.191:8080
85.25.120.45:8080
103.56.149.105:8080
210.57.209.142:8080
195.77.239.39:8080
62.171.178.147:8080
118.98.72.86:443
103.224.241.74:8080
185.148.169.10:8080
103.41.204.169:8080
186.250.48.5:443
165.22.254.236:8080
93.104.209.107:8080
139.59.80.108:8080
196.44.98.190:8080
114.79.130.68:443
115.178.55.22:80
103.254.12.236:7080
172.105.115.71:8080
174.138.33.49:7080
51.75.33.122:443
83.229.80.93:8080
78.47.204.80:443
188.165.79.151:443
202.134.4.210:7080
82.98.180.154:7080
Targets
-
-
Target
1211.xls
-
Size
96KB
-
MD5
61702e522745bf911053f505bd144d2e
-
SHA1
e0a4a67d3dae7af500c457117bcc97fc9e452efc
-
SHA256
4bbdeba86763e0ef1ef5a037b6a97a03fb37a44394773a5c8d6c126f12babc63
-
SHA512
5c3d7db6b0235a8698513e93d1f09384bc4d4483d5530e9a9262dacb73bd66179f29d666ae36f975004daa511229f49586cfddc09fa6821a68768cf7ff647cc0
-
SSDEEP
3072:PKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgnOmH4wbH5M:PKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgnw
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Loads dropped DLL
-