General
-
Target
Fakturierung.zip
-
Size
688KB
-
Sample
230314-pjnxcsfc63
-
MD5
2dce50489cc5297f727537641130d93d
-
SHA1
26422e54ec5c6aad0d6fb7f7a934af9eacd8b349
-
SHA256
fb7ec650e35e5df2b91422942730d0d31c288d06669c00bddf989d1d149bf0e1
-
SHA512
f62a71896676887c60af88be5caa00028a036276a99f2d89dc584df6f2b12d4cdfa72a4a6cd2df8c3fe7e4b0d62c3eb720a54249604fe088b2a2ad29246e85ad
-
SSDEEP
3072:WIFb4Wmkqke+cEeqH9vH+i2s1Vj8JxuLVpMs75XLKZvf:WOykqk6Lw+i2s1Vjkxuxp/Qvf
Malware Config
Extracted
emotet
Epoch4
164.68.99.3:8080
164.90.222.65:443
186.194.240.217:443
1.234.2.232:8080
103.75.201.2:443
187.63.160.88:80
147.139.166.154:8080
91.207.28.33:8080
5.135.159.50:443
153.92.5.27:8080
213.239.212.5:443
103.43.75.120:443
159.65.88.10:8080
167.172.253.162:8080
153.126.146.25:7080
119.59.103.152:8080
107.170.39.149:8080
183.111.227.137:8080
159.89.202.34:443
110.232.117.186:8080
Targets
-
-
Target
Fakturierung.doc
-
Size
534.3MB
-
MD5
bf16595909993047ef58203821614b7c
-
SHA1
cc3715547c98a950ad61842026045de915f6ab98
-
SHA256
45fb8507138935dda07ec1fb243b61e18954f44691f383e48e32301a4dd5d61c
-
SHA512
b56d9c99ca78b503ff426536407447a7e750a01af5af9f3ab4f12dc872b8b3a798d83eb2f9867869ee29daefc947fd5b82d953e72d3529e3291e1a5370d3a9b0
-
SSDEEP
6144:1620tqUx3Xu+7ZkRIDNGi9a0Va5UAClo:1620tqm3+I2ezcz5U3lo
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-