General

  • Target

    710709a200a5cda2a4293e9de521ab65d23170ab8bca04c8c7af22f86091d5d7.zip

  • Size

    123KB

  • Sample

    230308-mfxc8aeh7t

  • MD5

    325ac442c68769f14870ea757e767139

  • SHA1

    5aacd77f04f81783cab8e95c7888404dbc8b4ac1

  • SHA256

    b3cbb51c063e9ff2c6a45c211b95592b78eb858359c40c8c5fa49b7fd352b44f

  • SHA512

    12529ca7bfeadf9b4ed8cbd58cb0ef5a093a0efdd5b938a9bd66398c6b96e2c02431b86c5345bc4734bb0d8e6cb03dc96b541e2a2a823848f0e54d28f299c8ce

  • SSDEEP

    3072:G73Y/zrEZC5jGqnYwcyF2KQ4DlIX+KWrK0Iw:G73ezQeyNwcKNDlIdk/
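To check a local copy of the archive against the digests listed above without trusting a single algorithm, here is an added Python helper (not part of the sandbox report) that streams a file through MD5, SHA1, SHA256 and SHA512 in one pass, compares each against the reported value, and splits the SSDEEP signature into its block size and the two fuzzy-hash halves. The REPORTED values are copied from the General section; the input bytes used in the test are constructed and are not the sample.

```python
import hashlib
import io

# Digests for the archive as listed in the General section of the report.
REPORTED = {
    "md5": "325ac442c68769f14870ea757e767139",
    "sha1": "5aacd77f04f81783cab8e95c7888404dbc8b4ac1",
    "sha256": "b3cbb51c063e9ff2c6a45c211b95592b78eb858359c40c8c5fa49b7fd352b44f",
    "sha512": "12529ca7bfeadf9b4ed8cbd58cb0ef5a093a0efdd5b938a9bd66398c6b96e2c0"
              "2431b86c5345bc4734bb0d8e6cb03dc96b541e2a2a823848f0e54d28f299c8ce",
}
REPORTED_SSDEEP = "3072:G73Y/zrEZC5jGqnYwcyF2KQ4DlIX+KWrK0Iw:G73ezQeyNwcKNDlIdk/"

ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_stream(source, chunk_size=1 << 20):
    """Compute all four digests in a single pass.

    `source` is a binary file object or a bytes value; reading in chunks keeps
    memory flat for large samples (the document in this report is 526 MB).
    """
    if isinstance(source, (bytes, bytearray)):
        source = io.BytesIO(source)
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for block in iter(lambda: source.read(chunk_size), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(source, expected):
    """Return {algo: matched?} for every algorithm present in `expected`.

    Comparing all available digests catches a report where one value was
    copied wrongly; a partial match is a signal to investigate, not to trust.
    """
    actual = hash_stream(source)
    return {name: actual[name] == expected[name].lower()
            for name in expected if name in actual}


def ssdeep_parts(signature):
    """Split an ssdeep signature into (block_size, hash1, hash2).

    ssdeep block sizes are 3 * 2^n (3072 = 3 * 2^10 here); two signatures are
    only comparable when their block sizes are equal or differ by a factor of
    two, so the block size is the first thing to check before scoring.
    """
    block, hash1, hash2 = signature.split(":", 2)
    return int(block), hash1, hash2


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fp:
        print(verify(fp, REPORTED))
    print(ssdeep_parts(REPORTED_SSDEEP))
```

Run it as `python verify_hashes.py <file>` (the script name is a placeholder) against the archive you obtained; every entry should be True for the exact artifact the report analysed.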

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

129.232.188.93:443

164.90.222.65:443

159.65.88.10:8080

172.105.226.75:8080

115.68.227.76:8080

187.63.160.88:80

169.57.156.166:8080

185.4.135.165:8080

153.126.146.25:7080

197.242.150.244:8080

139.59.126.41:443

186.194.240.217:443

103.132.242.26:8080

206.189.28.199:8080

163.44.196.120:8080

95.217.221.146:8080

159.89.202.34:443

119.59.103.152:8080

183.111.227.137:8080

201.94.166.162:443

eck1.plain
ecs1.plain
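To turn the extracted Epoch4 C2 list above into something a network sensor can use, here is an added Python example (not part of the sandbox report and not the sandbox's own tooling) that parses the host:port entries, groups them by destination port and emits one Suricata rule per endpoint. The endpoints are exactly the ones listed above; the rule message text, the SID base and the use of Suricata are assumptions.

```python
import ipaddress
from collections import defaultdict

# The C2 endpoints exactly as listed in the report's "Malware Config" section.
C2_LIST = """
129.232.188.93:443
164.90.222.65:443
159.65.88.10:8080
172.105.226.75:8080
115.68.227.76:8080
187.63.160.88:80
169.57.156.166:8080
185.4.135.165:8080
153.126.146.25:7080
197.242.150.244:8080
139.59.126.41:443
186.194.240.217:443
103.132.242.26:8080
206.189.28.199:8080
163.44.196.120:8080
95.217.221.146:8080
159.89.202.34:443
119.59.103.152:8080
183.111.227.137:8080
201.94.166.162:443
"""


def parse_c2(text):
    """Parse 'host:port' lines into (ip, port) tuples.

    Each host must be a valid IP literal and each port in 1..65535; anything
    else raises, so a mangled line cannot silently become a bad rule.
    """
    endpoints = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        host, sep, port = line.rpartition(":")
        if not sep:
            raise ValueError(f"missing port in C2 entry: {line!r}")
        ip = ipaddress.ip_address(host)          # raises ValueError on garbage
        port = int(port)
        if not 1 <= port <= 65535:
            raise ValueError(f"bad port in C2 entry: {line!r}")
        endpoints.append((str(ip), port))
    return endpoints


def by_port(endpoints):
    """Group IPs by destination port; this config mixes 80, 443, 7080 and 8080."""
    groups = defaultdict(list)
    for ip, port in endpoints:
        groups[port].append(ip)
    return dict(groups)


def suricata_rules(endpoints, sid_base=9000001, msg="Emotet Epoch4 C2"):
    """Emit one Suricata alert rule per endpoint (sid_base and msg are assumed).

    Matching on destination IP *and* port keeps the rule tight: Emotet C2
    hosts are often compromised or shared servers, so an IP-only match would
    also fire on unrelated traffic to the same box.
    """
    rules = []
    for i, (ip, port) in enumerate(endpoints):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"{msg} {ip}:{port}"; flow:to_server,established; '
            f"classtype:trojan-activity; sid:{sid_base + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2(C2_LIST)
    for port, ips in sorted(by_port(c2).items()):
        print(f"port {port}: {len(ips)} hosts")
    print("\n".join(suricata_rules(c2)))
```

Treat the list as time-bound: Emotet rotates its C2 set frequently, so these addresses are tied to the sample's extraction date, and because several are likely compromised legitimate hosts, alerting and confirming is safer than blocking outright.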

Targets

    • Target

      INVOICE 589 03_23.doc

    • Size

      526.2MB (abnormally large for a Word document; padding a lure document to exceed scanner size limits is a known evasion, so do not let size-based exclusions skip it)

    • MD5

      b59808aba76dd0095aa06133382de9ed

    • SHA1

      59aed06213b305d2877031e8ef489064ef74ca74

    • SHA256

      2e116e6a43dcc2ee55df34664a7d5bfae36918f3a8ce5af97be6cb99e3a4de5b

    • SHA512

      134c7c9929c277a3ec0403c2246214059d107c78c0056f8190218e0d16ded3cfaa7a4682d695f9e6212c66220cb222589c8fcd19f6ea70a00994eb06eec6566b

    • SSDEEP

      3072:eoEW2aOtFjH0lP2IpjctfRcVVwEi/A8NVM1wIOCbX6bYLjWFJuvx7ueK6:ZE1aOtFa2I9c3aVw4zwxCbJ4Jup

    • Emotet

      Emotet is a modular trojan and loader that is primarily spread through spam emails carrying malicious attachments, such as the Word document analysed here.

    • Process spawned unexpected child process

      A process that normally has no reason to start other programs (here, the Office application opening the document) launched a child process. This typically indicates the parent was compromised via an exploit or a malicious macro.

    • Loads dropped DLL

      A DLL written to disk during the run was subsequently loaded into a process.

    • Adds Run key to start application

      A value was written under a Run registry key so the application is started again at logon (persistence).
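The three behavioural signatures above can be tested for directly in endpoint telemetry. The following is an added Python example (not part of the report and not the sandbox's own detection logic) that runs three checks over a handful of constructed Sysmon-style events: an Office parent spawning a child that is not on a small allowlist, a DLL loaded from a user-writable directory, and a registry value set under a Run or RunOnce key. The event field names follow Sysmon's ProcessCreate (ID 1), ImageLoad (ID 7) and RegistryEvent (ID 13) conventions; the sample paths, the allowlist and the payload name are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Parents that should not normally launch other programs while viewing a document.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Benign helpers Office itself starts; assumed starter list, extend from your own baseline.
ALLOWED_OFFICE_CHILDREN = {"splwow64.exe", "dw20.exe"}
# Autostart keys behind the "Adds Run key" signature (HKLM and HKU/HKCU hives).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# User-writable locations a "dropped" DLL is typically written to (assumed, noisy on its own).
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Public)\\", re.IGNORECASE)


def basename(path):
    return PureWindowsPath(path).name.lower()


def office_spawned_child(event):
    """Sysmon EventID 1: Office parent launching a non-allowlisted child."""
    if event.get("EventID") != 1:
        return False
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    return parent in OFFICE_PARENTS and child not in ALLOWED_OFFICE_CHILDREN


def dll_loaded_from_user_dir(event):
    """Sysmon EventID 7: a .dll loaded from a user-writable directory.

    Legitimate software also lives in AppData, so in production scope this to
    the process tree flagged by office_spawned_child rather than running it alone.
    """
    loaded = event.get("ImageLoaded", "")
    return (event.get("EventID") == 7 and loaded.lower().endswith(".dll")
            and bool(USER_WRITABLE_RE.search(loaded)))


def run_key_set(event):
    """Sysmon EventID 13 (value set) under a Run/RunOnce key."""
    return event.get("EventID") == 13 and bool(RUN_KEY_RE.search(event.get("TargetObject", "")))


# Rule order mirrors the signatures in the report.
RULES = {
    "Process spawned unexpected child process": office_spawned_child,
    "Loads dropped DLL": dll_loaded_from_user_dir,
    "Adds Run key to start application": run_key_set,
}


def triage(events):
    """Return (rule_name, event) for every event that trips a rule."""
    return [(name, ev) for ev in events for name, check in RULES.items() if check(ev)]


WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PAYLOAD = r"C:\Users\u\AppData\Local\Temp\payload.dll"   # hypothetical dropped DLL

# Constructed sample events; they are not taken from the report.
SAMPLE_EVENTS = [
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe", "Image": WINWORD,
     "CommandLine": r'"WINWORD.EXE" "C:\Users\u\Downloads\INVOICE 589 03_23.doc"'},
    {"EventID": 1, "ParentImage": WINWORD, "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "splwow64.exe 12288"},                                   # benign print helper
    {"EventID": 1, "ParentImage": WINWORD, "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": f"rundll32.exe {PAYLOAD},Start"},                        # suspicious child
    {"EventID": 7, "Image": r"C:\Windows\System32\rundll32.exe", "ImageLoaded": PAYLOAD,
     "Signed": "false"},                                                     # dropped DLL loaded
    {"EventID": 13, "Image": r"C:\Windows\System32\rundll32.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": f"rundll32.exe {PAYLOAD},Start"},                           # persistence
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},                                       # benign setting
]

if __name__ == "__main__":
    for name, ev in triage(SAMPLE_EVENTS):
        print(f"[{name}] {ev.get('Image')} -> {ev.get('CommandLine') or ev.get('ImageLoaded') or ev.get('TargetObject')}")
```

The Run-key regex requires a backslash immediately after Run or RunOnce, so sibling keys such as RunServices or Explorer\Advanced do not match; the child-process check deliberately allowlists rather than blocklists, because the set of programs an Office application legitimately starts is small and the set of things an attacker might launch is not.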

MITRE ATT&CK Enterprise v6

Tasks