General
-
Target
SCAN-14032023.zip
-
Size
739KB
-
Sample
230314-mhhmvagh3w
-
MD5
d33bc156c84e222419aff3815d5946f2
-
SHA1
8e2fdb102f47602c6beeb250cd5cc400e50fd2b6
-
SHA256
e02bb757e6ed2c531fc97cf30099aec744f6a4c910b0962b660542baf87b6353
-
SHA512
a25a419b0db1fae97804f02dd6cc6c96349654e8d39c4a98a98b66dac20ac3280128d5aa7f9ab26f450b78c47971f9ed0d7ec915a4dc2287062d7e382b08cb05
-
SSDEEP
6144:5wZnDlMy6O3qKmCRUe1B5uLqcHfVDNUV3nJGM+BTv:GtDlb6IqXCRUe1BTcH8VIM+Vv
Behavioral task
behavioral1
Sample
SCAN-14032023.doc
Resource
win7-20230220-en
Malware Config
Extracted
emotet
Epoch5
103.85.95.4:8080
103.224.241.74:8080
178.238.225.252:8080
37.59.103.148:8080
78.47.204.80:443
138.197.14.67:8080
128.199.242.164:8080
54.37.228.122:443
37.44.244.177:8080
139.59.80.108:8080
218.38.121.17:443
82.98.180.154:7080
114.79.130.68:443
159.65.135.222:7080
174.138.33.49:7080
195.77.239.39:8080
193.194.92.175:443
198.199.70.22:8080
85.214.67.203:8080
93.84.115.205:7080
186.250.48.5:443
46.101.98.60:8080
160.16.143.191:8080
64.227.55.231:8080
175.126.176.79:8080
85.25.120.45:8080
178.62.112.199:8080
185.148.169.10:8080
128.199.217.206:443
103.41.204.169:8080
209.239.112.82:8080
202.28.34.99:8080
139.196.72.155:8080
87.106.97.83:7080
93.104.209.107:8080
104.244.79.94:443
115.178.55.22:80
83.229.80.93:8080
103.254.12.236:7080
62.171.178.147:8080
Targets
-
-
Target
SCAN-14032023.doc
-
Size
536.4MB
-
MD5
0414d3a2420f1a8bed6648457232d6c3
-
SHA1
044bc64da88a7f8c5fab58a16f03b7207edc37d7
-
SHA256
a81f976050152bc57609b467fe5cfa0b7b341776fb948a2fa2577c95fd984fa9
-
SHA512
876018471fbaca599580ab1368d6a12327e734e1ae26a8675d8d7f19281335f11a42f783e21058d456da90b10dabe787833ecae785fac3671ab498850fe97363
-
SSDEEP
6144:5yk1RgZZXbN63GW1Z7krKSUzMNYJJdKkOl950uH54Lg4Ne9C:5/MXJ6WW1Z7ktUgNYJJdKkOHC4D409
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-