General
-
Target
untitled_0911.xls
-
Size
91KB
-
Sample
221118-b68y6acc3z
-
MD5
3b7c1af004581e0081622da0aa1e7bb1
-
SHA1
200b021751f34af2f7d571b18d22127573caad2d
-
SHA256
22b930d5b30553606c6dc4e340eff495ae3fdf7297e2b8bab9af3296f24b14c7
-
SHA512
dab54cac66c6a95f19f1abe4c9f1d779007c95abd59d61a12a0a8147497bf752ad9b698a123d197c706eb18baa794b09adbf965912f3079ffacce9d16e3f6324
-
SSDEEP
1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgObCXuZH4gb4CEn9J4Z70O:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgu
Behavioral task
behavioral1
Sample
untitled_0911.xls
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
untitled_0911.xls
Resource
win10v2004-20220812-en
Malware Config
Extracted
http://bevos-training.com/images/MtzUd/
http://ec2-52-89-237-150.us-west-2.compute.amazonaws.com/bhr/wwqjkbu6mk/
http://bwsengineering.co.za/configSHV/H0Rs/
http://ctel.com.my/images/J5FV3DsngleQ3/
Extracted
emotet
Epoch5
202.28.34.99:8080
80.211.107.116:8080
175.126.176.79:8080
218.38.121.17:443
139.196.72.155:8080
103.71.99.57:8080
87.106.97.83:7080
178.62.112.199:8080
64.227.55.231:8080
46.101.98.60:8080
54.37.228.122:443
128.199.217.206:443
190.145.8.4:443
209.239.112.82:8080
85.214.67.203:8080
198.199.70.22:8080
128.199.242.164:8080
178.238.225.252:8080
103.85.95.4:8080
103.126.216.86:443
104.244.79.94:443
36.67.23.59:443
37.44.244.177:8080
160.16.143.191:8080
85.25.120.45:8080
103.56.149.105:8080
210.57.209.142:8080
195.77.239.39:8080
62.171.178.147:8080
118.98.72.86:443
103.224.241.74:8080
185.148.169.10:8080
103.41.204.169:8080
186.250.48.5:443
165.22.254.236:8080
93.104.209.107:8080
139.59.80.108:8080
196.44.98.190:8080
114.79.130.68:443
115.178.55.22:80
103.254.12.236:7080
172.105.115.71:8080
174.138.33.49:7080
51.75.33.122:443
83.229.80.93:8080
78.47.204.80:443
188.165.79.151:443
202.134.4.210:7080
82.98.180.154:7080
Targets
-
-
Target
untitled_0911.xls
-
Size
91KB
-
MD5
3b7c1af004581e0081622da0aa1e7bb1
-
SHA1
200b021751f34af2f7d571b18d22127573caad2d
-
SHA256
22b930d5b30553606c6dc4e340eff495ae3fdf7297e2b8bab9af3296f24b14c7
-
SHA512
dab54cac66c6a95f19f1abe4c9f1d779007c95abd59d61a12a0a8147497bf752ad9b698a123d197c706eb18baa794b09adbf965912f3079ffacce9d16e3f6324
-
SSDEEP
1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgObCXuZH4gb4CEn9J4Z70O:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgu
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Adds Run key to start application
-