Overview
overview: score 10
Static
static: score 8
199a2e0e1b...c0.xls (windows7-x64): score 10
199a2e0e1b...c0.xls (windows10-2004-x64): score 10
1c5f2ca983...ac.xls (windows7-x64): score 10
1c5f2ca983...ac.xls (windows10-2004-x64): score 10
27a65553a3...ac.xls (windows7-x64): score 10
27a65553a3...ac.xls (windows10-2004-x64): score 1
403e70970c...52.xls (windows7-x64): score 10
403e70970c...52.xls (windows10-2004-x64): score 10
470c6543c2...ac.xls (windows7-x64): score 10
470c6543c2...ac.xls (windows10-2004-x64): score 10
5a63ab6f7e...6e.xls (windows7-x64): score 10
5a63ab6f7e...6e.xls (windows10-2004-x64): score 10
61e7a5bc6d...61.xls (windows7-x64): score 10
61e7a5bc6d...61.xls (windows10-2004-x64): score 10
7f68771114...a7.xls (windows7-x64): score 10
7f68771114...a7.xls (windows10-2004-x64): score 10
7ffe4ba808...d6.xls (windows7-x64): score 10
7ffe4ba808...d6.xls (windows10-2004-x64): score 10
8c3cfdd7e1...ed.xls (windows7-x64): score 10
8c3cfdd7e1...ed.xls (windows10-2004-x64): score 10
a821b7d549...16.xls (windows7-x64): score 10
a821b7d549...16.xls (windows10-2004-x64): score 10
b0fb5f6486...01.xls (windows7-x64): score 10
b0fb5f6486...01.xls (windows10-2004-x64): score 10
bd310a2a64...a2.xls (windows7-x64): score 10
bd310a2a64...a2.xls (windows10-2004-x64): score 1
General
-
Target
8667948243.zip
-
Size
2.4MB
-
Sample
230103-dzfedacg9s
-
MD5
f071018b9ed0d80dde523ebfd185383a
-
SHA1
88bfac1b0697283e49a0068f33d952aa3c2a5d59
-
SHA256
50f5316c84df540350104b16bed310b39f26ea082114e95c47f042619ddebb40
-
SHA512
7b94a52cb36aaa0dd174caca04a21abb0875e746698877b3e8e8ac0d0c1b4c6fac250ce6fda5812cdf5571180b429ef796c3bc2c1dfe0176dc1dd4a61b15768a
-
SSDEEP
49152:q6526QAA2+ysoUkVlK+/q3Wq298iXDuC8XnakdEuC8Xn45hmuC8Xnr:h5gg3KWq3Xe8iSC83akHC834rC83r
Behavioral task
behavioral1
Sample
199a2e0e1bb46a5dd8eb3a58aa55de157f6005c65b70245e71cecec4905cc2c0.xls
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
199a2e0e1bb46a5dd8eb3a58aa55de157f6005c65b70245e71cecec4905cc2c0.xls
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
1c5f2ca9839078742383b207721ce92fdfa70ac50e5d7b73c2488d47f7e5ebac.xls
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
1c5f2ca9839078742383b207721ce92fdfa70ac50e5d7b73c2488d47f7e5ebac.xls
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
27a65553a3560c4e36589cc0da79c8713db4ab009ce4e687b51b302c9d5480ac.xls
Resource
win7-20221111-en
Behavioral task
behavioral6
Sample
27a65553a3560c4e36589cc0da79c8713db4ab009ce4e687b51b302c9d5480ac.xls
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
403e70970c9b6f4669f5446607042721caaa2235ebd610c31e1a5f7fc917d752.xls
Resource
win7-20220901-en
Behavioral task
behavioral8
Sample
403e70970c9b6f4669f5446607042721caaa2235ebd610c31e1a5f7fc917d752.xls
Resource
win10v2004-20220812-en
Behavioral task
behavioral9
Sample
470c6543c277decdbc2ad9f4d825b32e22b6a1ab37fcc337645371a5a3819aac.xls
Resource
win7-20220812-en
Behavioral task
behavioral10
Sample
470c6543c277decdbc2ad9f4d825b32e22b6a1ab37fcc337645371a5a3819aac.xls
Resource
win10v2004-20221111-en
Behavioral task
behavioral11
Sample
5a63ab6f7ef4d61c6d67fddff5883778b3235ef83b36bfced892d6dbc1a7416e.xls
Resource
win7-20221111-en
Behavioral task
behavioral12
Sample
5a63ab6f7ef4d61c6d67fddff5883778b3235ef83b36bfced892d6dbc1a7416e.xls
Resource
win10v2004-20221111-en
Behavioral task
behavioral13
Sample
61e7a5bc6dda4cdf7d6c21edbabc61b22a616014d8648a8d43a83d03f5d75d61.xls
Resource
win7-20220901-en
Behavioral task
behavioral14
Sample
61e7a5bc6dda4cdf7d6c21edbabc61b22a616014d8648a8d43a83d03f5d75d61.xls
Resource
win10v2004-20220812-en
Behavioral task
behavioral15
Sample
7f687711143b9895361fc01c72b0c1090eef0fdb250a1dfa17e35901212cc1a7.xls
Resource
win7-20220812-en
Behavioral task
behavioral16
Sample
7f687711143b9895361fc01c72b0c1090eef0fdb250a1dfa17e35901212cc1a7.xls
Resource
win10v2004-20221111-en
Behavioral task
behavioral17
Sample
7ffe4ba8088b1e11c2d9579c721467862b9f7bb8d2bc4515be23dcd15036ebd6.xls
Resource
win7-20221111-en
Behavioral task
behavioral18
Sample
7ffe4ba8088b1e11c2d9579c721467862b9f7bb8d2bc4515be23dcd15036ebd6.xls
Resource
win10v2004-20221111-en
Behavioral task
behavioral19
Sample
8c3cfdd7e1e162129eedf2c3d9f6f63c133622bfe5d04bccbd823486a85b69ed.xls
Resource
win7-20220812-en
Behavioral task
behavioral20
Sample
8c3cfdd7e1e162129eedf2c3d9f6f63c133622bfe5d04bccbd823486a85b69ed.xls
Resource
win10v2004-20220812-en
Behavioral task
behavioral21
Sample
a821b7d549ed8c03d8824bad80e2da2c7d212a096a43c82a1cbc3a9308256916.xls
Resource
win7-20220901-en
Behavioral task
behavioral22
Sample
a821b7d549ed8c03d8824bad80e2da2c7d212a096a43c82a1cbc3a9308256916.xls
Resource
win10v2004-20221111-en
Behavioral task
behavioral23
Sample
b0fb5f6486f17bf63a316d7f3eb85002d6fb74a96cdeb3a9e43f555c73f74d01.xls
Resource
win7-20221111-en
Behavioral task
behavioral24
Sample
b0fb5f6486f17bf63a316d7f3eb85002d6fb74a96cdeb3a9e43f555c73f74d01.xls
Resource
win10v2004-20220812-en
Behavioral task
behavioral25
Sample
bd310a2a64e17c99fb956a72c31807a7a6120cb0719c203a3dab22ae47bdd8a2.xls
Resource
win7-20221111-en
Behavioral task
behavioral26
Sample
bd310a2a64e17c99fb956a72c31807a7a6120cb0719c203a3dab22ae47bdd8a2.xls
Resource
win10v2004-20220812-en
Malware Config
Extracted
emotet
Epoch4
Targets
-
-
Target
199a2e0e1bb46a5dd8eb3a58aa55de157f6005c65b70245e71cecec4905cc2c0
-
Size
255KB
-
MD5
6493581b246b731e4937fbee64a68803
-
SHA1
a6e306f8841ff6fbd50188c738469143a6934df0
-
SHA256
199a2e0e1bb46a5dd8eb3a58aa55de157f6005c65b70245e71cecec4905cc2c0
-
SHA512
d4089c3cf61a73c1469e01ba2892f4c3e91b7aa3e020deba399581d4212da5ed8c1d4eec29531312643faa838d34bd38de33065373aa72b7cbb782ea5b8b5f60
-
SSDEEP
6144:NKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgzNiwrfx9rNFMMrttRzV5Dz3UxqC8LUcSu:ANbDjP9XH5XIqZLnSu
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
-
-
Target
1c5f2ca9839078742383b207721ce92fdfa70ac50e5d7b73c2488d47f7e5ebac
-
Size
255KB
-
MD5
893f9b10a48073fc3fa0d5c8867f7200
-
SHA1
875d63ddc7467890f8f72aa787298ca4b2051e3e
-
SHA256
1c5f2ca9839078742383b207721ce92fdfa70ac50e5d7b73c2488d47f7e5ebac
-
SHA512
8c65c4f8c89d5b6e973f2108cb4267cf3f6703609d84be6d4fda7b92770d462344c957e6fbc7a00e24076bbe2dc51bfe68ed80e5685ff985a01772edca5de632
-
SSDEEP
6144:6Kpb8rGYrMPe3q7Q0XV5xtuEsi8/dgVNiwrfx9rNFMMrttRzV5Dz3UxqC8LUcST:5NbDjP9XH5XIqZLnST
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
-
-
Target
27a65553a3560c4e36589cc0da79c8713db4ab009ce4e687b51b302c9d5480ac
-
Size
255KB
-
MD5
0d1ea34c0423845842d2411dd5084ae5
-
SHA1
731d92101270c9dbff7b622f0c70eed56a7ddab5
-
SHA256
27a65553a3560c4e36589cc0da79c8713db4ab009ce4e687b51b302c9d5480ac
-
SHA512
8b9d2554a8b445412e55f3234688f6c81c92ed874b0fdf65b8c6c55e451144b2c84f4526309bd43b3f939bb118f5e242f6f3fbc673de84477696febfc2914047
-
SSDEEP
6144:JKpb8rGYrMPe3q7Q0XV5xtuEsi8/dggNiwrfx9rNFMMrttRzV5Dz3UxqC8LUcSq:nNbDjP9XH5XIqZLnSq
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
-
-
Target
403e70970c9b6f4669f5446607042721caaa2235ebd610c31e1a5f7fc917d752
-
Size
255KB
-
MD5
ce3280f3e64768ff5a8b68c29bdf6fc7
-
SHA1
a4d3d2107acab77c677054f428ad7c714bebb2fe
-
SHA256
403e70970c9b6f4669f5446607042721caaa2235ebd610c31e1a5f7fc917d752
-
SHA512
1c558bda07e64e84f56b1f8799602fe91f0d65a71f650993e6c41c0a3ef1c0d404f4e1f415aeb47033cb9ddd9afbea84c21f1bfade642c8ea1e1350ac9321175
-
SSDEEP
6144:NKpb8rGYrMPe3q7Q0XV5xtuEsi8/dguNiwrfx9rNFMMrttRzV5Dz3UxqC8LUcSi:1NbDjP9XH5XIqZLnSi
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
-
-
Target
470c6543c277decdbc2ad9f4d825b32e22b6a1ab37fcc337645371a5a3819aac
-
Size
255KB
-
MD5
73570b8824b20e00377b31b25ab5dbf8
-
SHA1
5715020cc77af8eb4b91debed43d0ba69dc669be
-
SHA256
470c6543c277decdbc2ad9f4d825b32e22b6a1ab37fcc337645371a5a3819aac
-
SHA512
fe84a0129cf65bb29c0b8afe4c5ced3b8b2255082f20489ff7f431f52a234d41a0e0b2750f737c3b886bc953ef4f49862652d2ef1e0ebd23620995522e78b228
-
SSDEEP
6144:JKpb8rGYrMPe3q7Q0XV5xtuEsi8/dggNiwrfx9rNFMMrttRzV5Dz3UxqC8LUcSf:nNbDjP9XH5XIqZLnSf
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
-
-
Target
5a63ab6f7ef4d61c6d67fddff5883778b3235ef83b36bfced892d6dbc1a7416e
-
Size
255KB
-
MD5
c53b62a9af12cf189afd7f48d36041d5
-
SHA1
3cc43c03d5b634409b9cd28d4eeec6e7f8a19584
-
SHA256
5a63ab6f7ef4d61c6d67fddff5883778b3235ef83b36bfced892d6dbc1a7416e
-
SHA512
bf68da6412d80607151832b5aecd96f55ef1555daf1718e82f70560d7210e753e1339a34a81b503e79f7de595f14be1c36e10d292080d94f03705b6321c53941
-
SSDEEP
6144:6Kpb8rGYrMPe3q7Q0XV5xtuEsi8/dgRNiwrfx9rNFMMrttRzV5Dz3UxqC8LUcSz:FNbDjP9XH5XIqZLnSz
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
-
-
Target
61e7a5bc6dda4cdf7d6c21edbabc61b22a616014d8648a8d43a83d03f5d75d61
-
Size
73KB
-
MD5
d8f46c46975e458f2019c27e8406911c
-
SHA1
a88aa9a6b6ad91bd37d78d9341f49ad632b31ef0
-
SHA256
61e7a5bc6dda4cdf7d6c21edbabc61b22a616014d8648a8d43a83d03f5d75d61
-
SHA512
6332d7d8aa02ef6ac472de59d191d1a55788781fb5c665afa61ed77b6b37cc44c8fee2184b44428891ee37341e6e9aa285a97c24d05d78944519fec3cac610ba
-
SSDEEP
1536:DMXKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgxBAezwrMCtvJecvRtbM5v:KKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgX
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
-
-
Target
7f687711143b9895361fc01c72b0c1090eef0fdb250a1dfa17e35901212cc1a7
-
Size
255KB
-
MD5
32afcf9ce9f18c52f840007536626336
-
SHA1
33a41f02d4e310fb8e1a40726a1bd5ab8839cd6d
-
SHA256
7f687711143b9895361fc01c72b0c1090eef0fdb250a1dfa17e35901212cc1a7
-
SHA512
f684a9edac45d0c206824ca53bb701b124d3def2de5425cf25c2776694d741820747161e8b7e5314bd0d4b34b44589e9c808d2adf72b7dd2242edf6c2bdbbe39
-
SSDEEP
6144:2Kpb8rGYrMPe3q7Q0XV5xtuEsi8/dguNiwrfx9rNFMMrttRzV5Dz3UxqC8LUcSj:eNbDjP9XH5XIqZLnSj
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
-
-
Target
7ffe4ba8088b1e11c2d9579c721467862b9f7bb8d2bc4515be23dcd15036ebd6
-
Size
217KB
-
MD5
e1705d47f44d32c2822642aaea5e9131
-
SHA1
baebb9c662f5122a98e2df309a6f288db802ff61
-
SHA256
7ffe4ba8088b1e11c2d9579c721467862b9f7bb8d2bc4515be23dcd15036ebd6
-
SHA512
ba18e73e6cc05996a275e0e72fc777c46f014e7d91493501edb3a75094d26360af394bfbb094e533668b25f8e0b261355eb728346b248fea0d14f091da4e39da
-
SSDEEP
6144:SKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgIyY+TAQXTHGUMEyP5p6f5jQmvn:XbGUMVWlbvn
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
-
-
Target
8c3cfdd7e1e162129eedf2c3d9f6f63c133622bfe5d04bccbd823486a85b69ed
-
Size
255KB
-
MD5
18252d898a785e916760be3e63c29a78
-
SHA1
769301632d80a6c5996e7f9514786e79d044db17
-
SHA256
8c3cfdd7e1e162129eedf2c3d9f6f63c133622bfe5d04bccbd823486a85b69ed
-
SHA512
86507a8d28982194e8cca9e95da98d17fde400393997eeb6df980e1da6549c8cb869ad347a0792423be75c8dcaaeb73df8d6e512bc363140cc06be834d60c775
-
SSDEEP
6144:NKpb8rGYrMPe3q7Q0XV5xtuEsi8/dg9Niwrfx9rNFMMrttRzV5Dz3UxqC8LUcSw:mNbDjP9XH5XIqZLnSw
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
-
-
Target
a821b7d549ed8c03d8824bad80e2da2c7d212a096a43c82a1cbc3a9308256916
-
Size
255KB
-
MD5
2d32da58b535b67699209af9b4506a05
-
SHA1
f65a977eb348add12ea8136e1dd63bd5041ce348
-
SHA256
a821b7d549ed8c03d8824bad80e2da2c7d212a096a43c82a1cbc3a9308256916
-
SHA512
ffc90596060b379626e7b0b2ff565407c7a9340cfeca1d0f6df4d91023403d286f30db8b85f542ebb9e4f63a6c513be047c05ab2aa658e61564e9be896be2405
-
SSDEEP
6144:JKpb8rGYrMPe3q7Q0XV5xtuEsi8/dggNiwrfx9rNFMMrttRzV5Dz3UxqC8LUcS6:nNbDjP9XH5XIqZLnS6
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
-
-
Target
b0fb5f6486f17bf63a316d7f3eb85002d6fb74a96cdeb3a9e43f555c73f74d01
-
Size
255KB
-
MD5
b9a02c001e5c71d0156ab58e28f3470e
-
SHA1
5bfd33906db74259368009303305247e5b43d6fa
-
SHA256
b0fb5f6486f17bf63a316d7f3eb85002d6fb74a96cdeb3a9e43f555c73f74d01
-
SHA512
588641932731204652372efcbf7f955642e81168a9cb1aac5a5a74175fe0c18a5c4da1c4e4716b779bd1e1392e9862b22194b9a245dc3d8a9168b482ec788041
-
SSDEEP
6144:6Kpb8rGYrMPe3q7Q0XV5xtuEsi8/dggNiwrfx9rNFMMrttRzV5Dz3UxqC8LUcST:8NbDjP9XH5XIqZLnST
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
-
-
Target
bd310a2a64e17c99fb956a72c31807a7a6120cb0719c203a3dab22ae47bdd8a2
-
Size
217KB
-
MD5
bc3affabc827c9ebbe52dc136760e056
-
SHA1
132b7a932aa3cc66beefa39d282257125a08f17c
-
SHA256
bd310a2a64e17c99fb956a72c31807a7a6120cb0719c203a3dab22ae47bdd8a2
-
SHA512
e5b77000f5d1797e8f58ca550d7c0a6adbb90dc814b10334e35f5c129a795aa8fa284f0666129d86ba973e18184bacafc600ed6609b30dff6a45078718ff3c8b
-
SSDEEP
6144:SKpb8rGYrMPe3q7Q0XV5xtuEsi8/dglyY+TAQXTHGUMEyP5p6f5jQm1:QbGUMVWlb1
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-