General
Target: DATA_862550248.zip
Size: 678KB
Sample: 230314-szvlmaac5y
MD5: 9c2d88d20a0eaa6c24ffa7908e541293
SHA1: af637075c5c9a9b0be449c0b6bb4b0ec0143386c
SHA256: ae27f05aaa2c64baa9ad2024e312792c64927cab41213aa00f098fa1f99786ca
SHA512: fbc82d8528cd841b11cddb635d3799d17152382d6ec4a4c012e24a709166c61dbae9acea83683f9cf953561a68ef82637dee2c22e9640092f66472b5225dd4da
SSDEEP: 3072:LmGWTiRHYAaxkY9HRiE5vsTDBBoBdk5wu9MzKjzAUaIQxBV5b:buAaxprW/+uRjzwt
Behavioral task
behavioral1
Sample: DATA_862550248.doc
Resource: win7-20230220-en
Malware Config
Extracted
emotet
Epoch5
Targets
Target: DATA_862550248.doc
Size: 519.3MB
MD5: 465dd447daed33f2bbe8a95ca7d37e15
SHA1: dff033fe6cd43d485d37015942d67644b12ea3e9
SHA256: b0ec15385cbd5461fd9678dd61f6867d41c170d2df8dfdfe6eebd7a0de905273
SHA512: 1bbd0dcd7c8273547f5610c926ae9ce3280890dd8115d177dbcc39016188a0e07131aeaa3d6b353d72e87d981f98560b7c949c7496169322c7e49f0fa091b922
SSDEEP: 3072:+J3pNHNgsxBQnr/vMOoch7gMqR40vFdYDRORalW/Xdmku3Bh5H8NvdNHZy:+JVbQDMfqHofvfYlOR31mkuRhyNvdN
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Loads dropped DLL