General
-
Target
commenti_14032023.zip
-
Size
707KB
-
Sample
230314-rq3efahg5w
-
MD5
cd6f7a11d05bd9c5f5401274405ed07f
-
SHA1
4d9e3931a571de6897ad22fadb4e13cbabaa7a40
-
SHA256
f333982c6245780bb4542cde1e9c82a56d101a1a3d2307540f63faa1085b3e23
-
SHA512
e26beb3a9886be7a27ccc2e7b8c9f3da4914ebb97fb0b144a0bc7024dbe2a1c29ae8bb69b61faf465bb4a2d2c7fffd1adca200e5375f7d63b4ff7695161a42fa
-
SSDEEP
6144:0wZnDlMy6O3qKmCRUe1B5uLqcHfVDNUV3nJGM+BTa:HtDlb6IqXCRUe1BTcH8VIM+Va
Behavioral task
behavioral1
Sample
commenti_14032023.doc
Resource
win7-20230220-en
Malware Config
Extracted
emotet
Epoch5
103.85.95.4:8080
103.224.241.74:8080
178.238.225.252:8080
37.59.103.148:8080
78.47.204.80:443
138.197.14.67:8080
128.199.242.164:8080
54.37.228.122:443
37.44.244.177:8080
139.59.80.108:8080
218.38.121.17:443
82.98.180.154:7080
114.79.130.68:443
159.65.135.222:7080
174.138.33.49:7080
195.77.239.39:8080
193.194.92.175:443
198.199.70.22:8080
85.214.67.203:8080
93.84.115.205:7080
186.250.48.5:443
46.101.98.60:8080
160.16.143.191:8080
64.227.55.231:8080
175.126.176.79:8080
85.25.120.45:8080
178.62.112.199:8080
185.148.169.10:8080
128.199.217.206:443
103.41.204.169:8080
209.239.112.82:8080
202.28.34.99:8080
139.196.72.155:8080
87.106.97.83:7080
93.104.209.107:8080
104.244.79.94:443
115.178.55.22:80
83.229.80.93:8080
103.254.12.236:7080
62.171.178.147:8080
Targets
-
-
Target
commenti_14032023.doc
-
Size
504.4MB
-
MD5
a60c5f8e3e97ac22ed1484ade4dc235f
-
SHA1
fa53b5c04ace548962a1bb7b052672121b195440
-
SHA256
990a8caa38d771d929f285f7c8594e9ef90163dadc9489b1f43f165e45e05f5e
-
SHA512
64bb398b405941de8f63adec045ffdb01ca6f0ca555f0fbed4aaf88c0585ac6f0b49ca0eec7594255da9c4576278fcfb1f9847f7bfc7788d8ee196e8e1e9e8dc
-
SSDEEP
6144:5yk1RgZZXbN63GW1Z7krKSUzMNYJJdKkOl950uH54Lg4Ne9C:5/MXJ6WW1Z7ktUgNYJJdKkOHC4D409
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-