General

  • Target

    form.zip

  • Size

    659KB

  • Sample

    230308-hnqs7aed98

  • MD5

    f03af7f3ead16c91194542030736b08d

  • SHA1

    03f1f895c06cf74397f3b2d6921057f6166f1244

  • SHA256

    b3ee14db12d9b5ac16771d557eb1d16491aaff3e6ac09fc55a830603d5d8bda4

  • SHA512

    8709fc18f545ad9fdea9beec8a0ec06ebdd0c6cae3c84f7bc9c71187e24d9e8011b00e8675a25f240b008b89a1ec31405e5f5846296491c37b0782cfd7385b73

  • SSDEEP

    6144:AJNbwmfcuHom8Hz2f//ywiWT8xVTI5wqf:EbPHom8TYyCT8x5I5w0
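The archive is 659KB while the document it contains (see Targets) is 509.3MB, so the member inflates roughly 800:1. That is the footprint of a padded document: junk appended so the file exceeds the size limit at which many scanners give up. The script below is added here and is not part of the sandbox report. It reproduces the digest fields of this section and flags bloated archive members by their compression ratio, reading only the first bytes of each member to identify an OLE (legacy .doc) container. The zip it inspects is constructed in memory (an OLE header followed by 2MB of zero padding); the bloat thresholds are assumptions.

```python
"""Offline triage of a suspicious archive: hash it the way the sandbox does, then
list each member's compressed vs. uncompressed size and flag file bloat.
Added example, not the sandbox's own code; the zip below is constructed."""
import hashlib
import io
import zipfile

# Compound File Binary (OLE2) magic; legacy .doc files start with it.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def hash_bytes(data: bytes) -> dict:
    """Digests as listed in the report. ssdeep is omitted: it needs the
    third-party 'ssdeep' package, not the standard library."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def inspect_zip(archive: bytes, min_size: int = 1_000_000,
                min_ratio: float = 50.0) -> list:
    """Describe every member. A member is 'bloated' when it is large AND
    compresses extremely well, i.e. it is mostly padding (assumed thresholds)."""
    members = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            sha256 = hashlib.sha256()
            with zf.open(info) as fh:
                head = fh.read(8)              # magic check needs only 8 bytes
                sha256.update(head)
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    sha256.update(chunk)       # stream: never hold 500 MB in memory
            ratio = info.file_size / max(info.compress_size, 1)
            members.append({
                "name": info.filename,
                "size": info.file_size,
                "compressed": info.compress_size,
                "ratio": round(ratio, 1),
                "is_ole": head.startswith(OLE_MAGIC),
                "bloated": info.file_size >= min_size and ratio >= min_ratio,
                "sha256": sha256.hexdigest(),
            })
    return members


def build_sample_zip(pad_bytes: int = 2_000_000) -> bytes:
    """Constructed stand-in for form.zip: an OLE-headed 'form.doc' padded with
    zeros (the real one is 509.3 MB inside a 659 KB zip) plus a small text file."""
    doc = OLE_MAGIC + b"\x00" * pad_bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("form.doc", doc)
        zf.writestr("readme.txt", b"Please enable editing to view the form.")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    for alg, digest in hash_bytes(sample).items():
        print(f"{alg:7s} {digest}")
    for member in inspect_zip(sample):
        print(member)
```

Run it against a real archive by replacing the constructed bytes with the file contents; a member that reports is_ole together with bloated is worth opening in a sandbox before trusting any size-limited scanner's verdict on it.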

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

129.232.188.93:443

164.90.222.65:443

159.65.88.10:8080

172.105.226.75:8080

115.68.227.76:8080

187.63.160.88:80

169.57.156.166:8080

185.4.135.165:8080

153.126.146.25:7080

197.242.150.244:8080

139.59.126.41:443

186.194.240.217:443

103.132.242.26:8080

206.189.28.199:8080

163.44.196.120:8080

95.217.221.146:8080

159.89.202.34:443

119.59.103.152:8080

183.111.227.137:8080

201.94.166.162:443

eck1.plain (Emotet ECK1 public key, used for ECDH traffic encryption; key value not included in this report)
ecs1.plain (Emotet ECS1 public key, used for ECDSA verification of C2 responses; key value not included in this report)
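To make the extracted C2 list actionable, the following added example (not part of the report) parses it into an IP:port set, sweeps Zeek-style conn.log lines for connections to those hosts, and emits one Suricata rule per C2. It separates exact IP:port hits from connections to a C2 IP on another port, which still deserve a look since the port list is a snapshot of one config. The log lines are constructed, and the rule message text and SID range are assumptions.

```python
"""Match the Emotet Epoch4 C2 list from the report against connection logs and
emit Suricata rules. Added example; the conn.log lines below are constructed."""
import ipaddress

# Verbatim from the extracted config above.
C2_TEXT = """
129.232.188.93:443
164.90.222.65:443
159.65.88.10:8080
172.105.226.75:8080
115.68.227.76:8080
187.63.160.88:80
169.57.156.166:8080
185.4.135.165:8080
153.126.146.25:7080
197.242.150.244:8080
139.59.126.41:443
186.194.240.217:443
103.132.242.26:8080
206.189.28.199:8080
163.44.196.120:8080
95.217.221.146:8080
159.89.202.34:443
119.59.103.152:8080
183.111.227.137:8080
201.94.166.162:443
"""

# Constructed Zeek conn.log excerpt (ts, uid, id.orig_h, id.orig_p, id.resp_h,
# id.resp_p, proto). Line 2 is benign; line 4 hits a C2 IP on a non-config port.
CONN_LOG = "\n".join([
    "1678290001.123\tCk3a1\t10.0.0.25\t49152\t159.65.88.10\t8080\ttcp",
    "1678290002.456\tCk3a2\t10.0.0.25\t49153\t142.250.80.46\t443\ttcp",
    "1678290003.789\tCk3a3\t10.0.0.31\t49201\t129.232.188.93\t443\ttcp",
    "1678290004.001\tCk3a4\t10.0.0.31\t49202\t129.232.188.93\t80\ttcp",
])


def parse_c2(text: str) -> set:
    """Return a set of (ip, port) tuples; ipaddress validates each host."""
    c2 = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        host, _, port = line.rpartition(":")
        c2.add((str(ipaddress.ip_address(host)), int(port)))
    return c2


def find_c2_hits(conn_log: str, c2: set) -> list:
    """Flag connections whose responder IP is in the C2 set. 'exact' is True
    only when the port matches the config too."""
    c2_ips = {ip for ip, _ in c2}
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, uid, src, sport, dst, dport, proto = line.split("\t")
        if dst in c2_ips:
            hits.append({"ts": ts, "uid": uid, "src": src, "dst": dst,
                         "dport": int(dport), "exact": (dst, int(dport)) in c2})
    return hits


def suricata_rules(c2: set, base_sid: int = 9100000) -> list:
    """One outbound rule per C2, ordered numerically by IP. SID range assumed."""
    ordered = sorted(c2, key=lambda t: (ipaddress.ip_address(t[0]), t[1]))
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"Emotet Epoch4 C2 {ip}:{port}"; flow:to_server,established; '
        f'sid:{base_sid + i}; rev:1;)'
        for i, (ip, port) in enumerate(ordered)
    ]


if __name__ == "__main__":
    c2 = parse_c2(C2_TEXT)
    for hit in find_c2_hits(CONN_LOG, c2):
        print(hit)
    print("\n".join(suricata_rules(c2)))
```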

Targets

    • Target

      form.doc

    • Size

      509.3MB

    • MD5

      48a64e3f96c122410578caf6e70329b9

    • SHA1

      57a464d3735eb91850c56be1462c22c5bec57996

    • SHA256

      8d4427329c8bde96652807caa270a0950be8f917076cb1c5bb893995c995a5ac

    • SHA512

      1a5f6926e5ca27fcbf372ed3b9f5348550a77161e76662d6865d2e5b30124326e3356a93c6f8a516baa0c3c63b2fccbc52a3a6af5a1c1cd050bf35cde6b4874a

    • SSDEEP

      6144:xPn4VZXbatu7MDogsDkHS50LdfcGcbz1f5M9KTFrMpSlMK3Ru+Q28:xP4PbNMkgg3Ru+x

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL
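The two behavioural signatures above state what the sandbox observed but not how to detect it on an endpoint. The following added example (not the sandbox's own logic) evaluates both against a constructed stream of Sysmon-style events: Event ID 1 for an Office parent spawning a child outside a short allowlist, Event ID 7 for an unsigned DLL loaded from a user-writable directory, and a join of the two on process ID so the dropped-DLL load is tied back to the document that spawned its loader. The allowlist, drop-path list, every event value, and the choice of regsvr32.exe as the loader process are assumptions.

```python
"""Detect 'Office spawned unexpected child' and 'loads dropped DLL' over
Sysmon-style events. Added example; all events below are constructed."""
import ntpath

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Assumed benign children of Office (print spooler proxy, error reporting).
EXPECTED_CHILDREN = {"splwow64.exe", "dw20.exe", "dwwin.exe"}
# Assumed user-writable locations a macro can drop into without elevation.
DROP_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
             "\\users\\public\\", "\\programdata\\")

WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
REGSVR32 = r"C:\Windows\System32\regsvr32.exe"

# Constructed events: explorer -> WINWORD (pid 4120) opens form.doc, WINWORD
# spawns regsvr32 (pid 5544) and a benign splwow64, regsvr32 loads an unsigned
# DLL from %TEMP%, WINWORD loads a signed system DLL.
EVENTS = [
    {"EventID": 1, "ProcessId": 4120, "Image": WINWORD,
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"WINWORD.EXE" /n "C:\Users\u\Downloads\form.doc"'},
    {"EventID": 1, "ProcessId": 5544, "Image": REGSVR32, "ParentImage": WINWORD,
     "CommandLine": r'regsvr32.exe /s "C:\Users\u\AppData\Local\Temp\x.dll"'},
    {"EventID": 1, "ProcessId": 6000, "Image": r"C:\Windows\splwow64.exe",
     "ParentImage": WINWORD, "CommandLine": "splwow64.exe 12288"},
    {"EventID": 7, "ProcessId": 5544, "Image": REGSVR32,
     "ImageLoaded": r"C:\Users\u\AppData\Local\Temp\x.dll", "Signed": False},
    {"EventID": 7, "ProcessId": 4120, "Image": WINWORD,
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": True},
]


def base(path: str) -> str:
    """Case-folded file name from a Windows path."""
    return ntpath.basename(path).lower()


def unexpected_children(events: list) -> list:
    """Event 1 where an Office app is the parent and the child is not allowlisted."""
    return [e for e in events
            if e["EventID"] == 1
            and base(e["ParentImage"]) in OFFICE_APPS
            and base(e["Image"]) not in EXPECTED_CHILDREN]


def dropped_dll_loads(events: list) -> list:
    """Event 7 where an unsigned image is loaded from a user-writable drop path."""
    return [e for e in events
            if e["EventID"] == 7
            and any(d in e["ImageLoaded"].lower() for d in DROP_DIRS)
            and not e.get("Signed", False)]


def correlate(events: list) -> list:
    """Pair each dropped-DLL load with the suspicious spawn of the same process.
    Keyed on ProcessId for brevity; use ProcessGuid in real Sysmon data, since
    PIDs are reused."""
    spawned = {e["ProcessId"]: e for e in unexpected_children(events)}
    return [(spawned[e["ProcessId"]], e) for e in dropped_dll_loads(events)
            if e["ProcessId"] in spawned]


if __name__ == "__main__":
    for spawn, load in correlate(EVENTS):
        print(f"{base(spawn['ParentImage'])} -> {base(spawn['Image'])} "
              f"(pid {spawn['ProcessId']}) loaded {load['ImageLoaded']}")
```

The allowlist approach is deliberate: enumerating bad children (regsvr32, rundll32, cmd, powershell, wscript) is the usual first cut, but an Office process has so few legitimate children that denying by default and tuning the allowlist produces fewer gaps.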

MITRE ATT&CK Enterprise v6

Tasks