General
-
Target
bg-6552479.zip
-
Size
727KB
-
Sample
230317-jrj1gsfa28
-
MD5
b1b7155dd89db42ebac96191fa1cc219
-
SHA1
8f95ccca06a27414b30392d1962541fe451983a6
-
SHA256
b8e62579ea147a7392e9d37d8b2aeb6b9d8d1883e6a6f9ff5ebcb42f5a395e29
-
SHA512
075ce3bd03c819e40c125434d0acab282c068695bcf00271330c3f6d7c278b3866c4351c5830ff36ffd68ab4582bcdf8d95586f9041f845fa67a5389fcdde034
-
SSDEEP
6144:EwZnDlMy6O3qKmCRUe1B5uLqcHfVDNUV3nJGM+BTp:XtDlb6IqXCRUe1BTcH8VIM+Vp
Behavioral task
behavioral1
Sample
bg-6552479.doc
Resource
win7-20230220-en
Malware Config
Extracted
emotet
Epoch5
103.85.95.4:8080
103.224.241.74:8080
178.238.225.252:8080
37.59.103.148:8080
78.47.204.80:443
138.197.14.67:8080
128.199.242.164:8080
54.37.228.122:443
37.44.244.177:8080
139.59.80.108:8080
218.38.121.17:443
82.98.180.154:7080
114.79.130.68:443
159.65.135.222:7080
174.138.33.49:7080
195.77.239.39:8080
193.194.92.175:443
198.199.70.22:8080
85.214.67.203:8080
93.84.115.205:7080
186.250.48.5:443
46.101.98.60:8080
160.16.143.191:8080
64.227.55.231:8080
175.126.176.79:8080
85.25.120.45:8080
178.62.112.199:8080
185.148.169.10:8080
128.199.217.206:443
103.41.204.169:8080
209.239.112.82:8080
202.28.34.99:8080
139.196.72.155:8080
87.106.97.83:7080
93.104.209.107:8080
104.244.79.94:443
115.178.55.22:80
83.229.80.93:8080
103.254.12.236:7080
62.171.178.147:8080
Targets
-
-
Target
bg-6552479.doc
-
Size
524.4MB
-
MD5
e422ecaa33d71c00c4562e3b931cd7e2
-
SHA1
490e95c3eacabfa6e47f2b9b1a691e15441a5d1d
-
SHA256
7e92fd7a1554ba396bb14db43950b989d2f44155fed73ec12deaf11a01d606af
-
SHA512
ff4af4a054f17d84bb063612496468e6ecc34f73af3020e37c5b19dffa7f904553f2dfe84a8e3aced1db932acec3f027ed1d8c7c246ed2c653660f2ad29c8cb7
-
SSDEEP
6144:5yk1RgZZXbN63GW1Z7krKSUzMNYJJdKkOl950uH54Lg4Ne9C:5/MXJ6WW1Z7ktUgNYJJdKkOHC4D409
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-