General
-
Target
3179797679.zip
-
Size
42KB
-
Sample
221115-jbkl3sbh2w
-
MD5
250c3f3da99e5dbfb84174ffed69cb41
-
SHA1
80625fdb706a75b5cc45795c7db248fd8eda11a3
-
SHA256
324cdae9a340ea2e4fc1b2c93e3856f81de0a3ef3a4e40c4dc381ff76441b755
-
SHA512
b87d6c1f5de88bdc39ace9925309d17c36235228c3a8bbb9b7f92ad7f1174a3f99b3e719948522ea7eaccf494e44172b63368ea97b8039736bdc73f9904546b3
-
SSDEEP
768:jL5qGipsokAiVCj7+vel0PNgxySR/Zdv5qfFkK6wTAyHRK2homKpOGPnuxNJir7:jLliaoyVW26QQ/PRqf13TAyxK2amKp1p
Malware Config
Extracted
http://primefind.com/my_pictures/VjT203NcgE/
http://gla.ge/old_opera/drrGxxFy1osfV2/
https://swork.pl/de/8fj4XT/
http://www.fullwiz.com.br/erros/Wu9S9gAd/
Extracted
emotet
Epoch5
202.28.34.99:8080
80.211.107.116:8080
175.126.176.79:8080
218.38.121.17:443
139.196.72.155:8080
103.71.99.57:8080
87.106.97.83:7080
178.62.112.199:8080
64.227.55.231:8080
46.101.98.60:8080
54.37.228.122:443
128.199.217.206:443
190.145.8.4:443
209.239.112.82:8080
85.214.67.203:8080
198.199.70.22:8080
128.199.242.164:8080
178.238.225.252:8080
103.85.95.4:8080
103.126.216.86:443
Targets
-
-
Target
3179797679.xls
-
Size
96KB
-
MD5
dca79073883a3091a46256c71fa92f1b
-
SHA1
f89fd928319acd87c49bac025661ef73892123da
-
SHA256
d522d766de678cbf1a96f12a88569e44d97c9a0b372a0344be352e1f7a7bddbb
-
SHA512
55b566fc3c900662fb3b52df124d4f9dc18acb184e7c16445415aa9ee3133312ab4808275e257ec7b11d85bde48a6c8b9aad8de4d13357959c9a4441eaf04e0d
-
SSDEEP
3072:PKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgkOmH4wbH51QM:PKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgkb
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Adds Run key to start application
-