Resubmissions

08/03/2023, 04:45

230308-fdxsmsea83 10

08/03/2023, 04:40

230308-farr8ade91 10

General

  • Target: DETALLES_2562.zip
  • Size: 659KB
  • Sample: 230308-fdxsmsea83
  • MD5: a510f4a213bc754bb66458118d42bff5
  • SHA1: 157429725b9fc85a7fb891063dd9c7981ccd2f1f
  • SHA256: f19d159a075a6ab2f063e01922822699fb70cee79f8b1b3853017ff57e700f00
  • SHA512: f5e7f1c5b74ca8f9704b7eff639ff9e6e3c4c9cff0b7ef5e8f34b8d0b6e000912c47403a69c5a9692fefbd846f81a5dccb01c9c52a4085ba249947c952d51182
  • SSDEEP: 3072:Z1lsI//z4a/hGS0NclN3U8XKp5ZuoWkQQhl0GEzal3CA:Z12c/z4a5GLNIp1WMkd3tCA

Malware Config

Extracted

  • Family: emotet
  • Botnet: Epoch4
  • C2


eck1.plain
ecs1.plain

Targets

    • Target: DETALLES_2562.doc
    • Size: 540.2MB
    • MD5: 5044553467b5553505acb52ce47e92c7
    • SHA1: 74688fc37b7ca6938ff26ba73b0433f4f61eb41b
    • SHA256: 2a5d629a4645bf7e5a38f790f411fdbc96fa0ca814d04d27892421993caf4adb
    • SHA512: 8b4d9360e0099b7d73c0aa90e0f09f0f2f15fdf993b9f7f79ebf0f304c4f374e054bdb2e2c30593c592ac6f24938e219be40fe7447b3c76d32ac5cdd59bde6da
    • SSDEEP: 3072:eoEW2aOtFjH0lP2IpjctfRcVVwEi/A8NVM1wIOCbX6bYLjWFJuvx7ueK6:ZE1aOtFa2I9c3aVw4zwxCbJ4Jup

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks