General
-
Target
invoce No 26316 10_03_2023.zip
-
Size
698KB
-
Sample
230310-kz22pseb7s
-
MD5
2777dba3f74b649b686c9f1041b1b2f9
-
SHA1
7743a901e8dc53104dd3fee49324ec2b12fdb9aa
-
SHA256
f1889d6b5f19120e166668f50d96124582b41b2d78a560a9edac1c91e4869ea3
-
SHA512
33e2524e51d077336c49a10b39e73e53b69a52e33e57e6145602096829c63af2a3417b8db53ab305156f8e340f35d89e2bd61fbec29cddf9a01e04855e3baef6
-
SSDEEP
3072:jTdhlKitY6gngARvVndTW9ZCPuJSDCKvjl1flV+crxAm40/yL/sEZGNKl/L:VhQOY6egwndgkPwSDCKFVj+mb/yFIs/L
Malware Config
Extracted
emotet
Epoch4
164.68.99.3:8080
164.90.222.65:443
186.194.240.217:443
1.234.2.232:8080
103.75.201.2:443
187.63.160.88:80
147.139.166.154:8080
91.207.28.33:8080
5.135.159.50:443
153.92.5.27:8080
213.239.212.5:443
103.43.75.120:443
159.65.88.10:8080
167.172.253.162:8080
153.126.146.25:7080
119.59.103.152:8080
107.170.39.149:8080
183.111.227.137:8080
159.89.202.34:443
110.232.117.186:8080
Targets
-
-
Target
invoce N 268 10_03_2023.doc
-
Size
539.3MB
-
MD5
e9b82d57e0494351ea5c5ce42e910295
-
SHA1
4d4568ffaf46fbdd515c1761e58bafe6876647d7
-
SHA256
52adcb13820354542d9d0913cec63e88bdc914e9e0b6a22932050e4c0b031a00
-
SHA512
22b718b94bca5410795e7c25d300a5e504fe977b5f90c3f439965c11d6a29c7ac64aea3c1356362ae6613b100293014d12060110a2850a8e89b7ea667ff2f9da
-
SSDEEP
6144:jkmCUX1RauEA55axdWFyDDIqqmbwbLUW:omC7uz552AFZqXbwbA
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-