Resubmissions

07-03-2023 23:05

230307-225daacb21 8

07-03-2023 22:54

230307-2vyl6aca8t 10

General

  • Target: NZD119641754ZC.zip
  • Size: 680KB
  • Sample: 230307-2vyl6aca8t
  • MD5: 3825b78162585eb6991129430443caa9
  • SHA1: 5cd8450c8b0bc601369548a4deed1e5b656737c2
  • SHA256: 082a495f14e63c025eab5f40413eb823915cb312b94030604496389f6c940099
  • SHA512: bf49468269f7542eacc8560fdae87b4f52a9c8699dcbf98e7ee35410d365ac3e9ec189903b6b20a05f25f97990d36144e94224725571ea6d74934eb8f8ce9050
  • SSDEEP: 6144:ZJNbwmfcuHom8Hz2f//ywiWT8xVTI5wqf:dbPHom8TYyCT8x5I5wA

Malware Config

Extracted

Family: emotet

Botnet: Epoch4

C2:

129.232.188.93:443

164.90.222.65:443

159.65.88.10:8080

172.105.226.75:8080

115.68.227.76:8080

187.63.160.88:80

169.57.156.166:8080

185.4.135.165:8080

153.126.146.25:7080

197.242.150.244:8080

139.59.126.41:443

186.194.240.217:443

103.132.242.26:8080

206.189.28.199:8080

163.44.196.120:8080

95.217.221.146:8080

159.89.202.34:443

119.59.103.152:8080

183.111.227.137:8080

201.94.166.162:443

eck1.plain
ecs1.plain

Targets

    • Target: NZD119641754ZC.doc
    • Size: 530.3MB
    • MD5: a30a0a27d7d9f91339b2259909db8d9f
    • SHA1: e579a0c503b5f717057ef8619f4a39fbbbf27a74
    • SHA256: 861389800aba82afef0d4e3f11d6cf21c64846d8ed689d1a974b16431193a6d2
    • SHA512: 9d6d9bef69fc6a2cf07916e40a9eed0dbfca5022beb281bf060376a9a9f741e1c52726e85e16f2741efa2626cf21f5680c7481f4631eac91aa0114138a260083
    • SSDEEP: 6144:xPn4VZXbatu7MDogsDkHS50LdfcGcbz1f5M9KTFrMpSlMK3Ru+Q28:xP4PbNMkgg3Ru+x

    • Emotet
      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks