General
-
Target
ff78773c1273927730138962d05ed471611ad495
-
Size
217KB
-
Sample
221207-bkhj3seb5w
-
MD5
5a03d370a7b117639c9e4a537f0ea3ac
-
SHA1
ff78773c1273927730138962d05ed471611ad495
-
SHA256
5448fe5f744459507d71f6f73deecae110226fdb355969bcbc51c5cc08b840b9
-
SHA512
431aec4d4dc47685352801a0f58b10dbf6a321ca88b3961d661b60b0be274bb1885f06eb6ad3f4e0b108625430ba36a81fb3b27d824b1b6969951bf547f82cbe
-
SSDEEP
6144:HKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgByY+TAQXTHGUMEyP5p6f5jQml:BbGUMVWlbl
Malware Config
Extracted
http://ftp.agir-santeinternationale.com/doctors/KAacngW97n4ApzVBDdGy/
http://www.vinyz.com/admin3693/BDFFgAZ6zBRumcUSG/
http://ly.yjlianyi.top/wp-admin/NRAdJ/
http://www.muyehuayi.com/cmp/Vtm2m7z88g/
Extracted
emotet
Epoch4
45.235.8.30:8080
94.23.45.86:4143
119.59.103.152:8080
169.60.181.70:8080
164.68.99.3:8080
172.105.226.75:8080
107.170.39.149:8080
206.189.28.199:8080
1.234.2.232:8080
188.44.20.25:443
186.194.240.217:443
103.43.75.120:443
149.28.143.92:443
159.89.202.34:443
209.97.163.214:443
183.111.227.137:8080
129.232.188.93:443
139.59.126.41:443
110.232.117.186:8080
139.59.56.73:8080
Targets
-
-
Target
ff78773c1273927730138962d05ed471611ad495
-
Size
217KB
-
MD5
5a03d370a7b117639c9e4a537f0ea3ac
-
SHA1
ff78773c1273927730138962d05ed471611ad495
-
SHA256
5448fe5f744459507d71f6f73deecae110226fdb355969bcbc51c5cc08b840b9
-
SHA512
431aec4d4dc47685352801a0f58b10dbf6a321ca88b3961d661b60b0be274bb1885f06eb6ad3f4e0b108625430ba36a81fb3b27d824b1b6969951bf547f82cbe
-
SSDEEP
6144:HKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgByY+TAQXTHGUMEyP5p6f5jQml:BbGUMVWlbl
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Loads dropped DLL
-