General
-
Target
RechnungScan 2023.10.03_1233.zip
-
Size
689KB
-
Sample
230310-n72mpafc5t
-
MD5
e738531b877821a7af5d45641eceec84
-
SHA1
416fb5926dbbc201d2686f6b3ba2fd5d46244155
-
SHA256
b8683c5502f50bc3553fc514bcdc70eeab797425911d1c3b457795e36b69ada8
-
SHA512
80e7dcab4d13d17a26dd1b9be7e5471fa66fb5820b2442bd6e6913bc69d062c3e47902ef7f9dc15fee8c9d6ba27fdd2a5a7cae4e500c233f4a31647fc62fe933
-
SSDEEP
3072:JTdhlKitY6gngARvVndTW9ZCPuJSDCKvjl1flV+crxAm40/yL/sEZGNKl/8:DhQOY6egwndgkPwSDCKFVj+mb/yFIs/8
Malware Config
Extracted
emotet
Epoch4
164.68.99.3:8080
164.90.222.65:443
186.194.240.217:443
1.234.2.232:8080
103.75.201.2:443
187.63.160.88:80
147.139.166.154:8080
91.207.28.33:8080
5.135.159.50:443
153.92.5.27:8080
213.239.212.5:443
103.43.75.120:443
159.65.88.10:8080
167.172.253.162:8080
153.126.146.25:7080
119.59.103.152:8080
107.170.39.149:8080
183.111.227.137:8080
159.89.202.34:443
110.232.117.186:8080
Targets
-
-
Target
RechnungScan 2023.10.03_1233.doc
-
Size
530.3MB
-
MD5
125f3bcf582189f8d6d9cdba7d9aeac1
-
SHA1
965cb4c9e0408282e2dd63657eae6d11a9486c7d
-
SHA256
9f2b2bc3ffa2ee0eedba9a96547145e3dcaa765df70a1e2b626f60e25a97f16b
-
SHA512
6eca008edd285821442e8aab499c2a5275d878b53def79df3d62481645d4f3a535a9a151cb111dd739e3d57fb1bcbac31bf0b8d01b19a35261751565dc4528de
-
SSDEEP
6144:jkmCUX1RauEA55axdWFyDDIqqmbwbLUW:omC7uz552AFZqXbwbA
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-