General
-
Target
YQq.zip
-
Size
826KB
-
Sample
230317-l5jyrahf6x
-
MD5
b6c1c120bdc24a3571839bcc9f1f43ca
-
SHA1
c96d30c67514394d4bc435ca336c7f3fa5348135
-
SHA256
73bf012ccf763e73f6f1db19ad0398c7999f24db43482bd8f8bf0818830a347e
-
SHA512
782899c5c4d66f5a5e35c12a060747baac6d69c3a1ac6eb85169bf55c6cb2420f4aaef2e926e8301c94a58e4c7fcb1bfe16f88b8c74808cbed28e73fd987d415
-
SSDEEP
6144:ZaLTjsQeEcXqm56bKEY2093cbZStVHCWoR91NMd4TDyy:sLcQjc6qseWZSthCW09W4X
Malware Config
Extracted
emotet
Epoch5
103.85.95.4:8080
103.224.241.74:8080
178.238.225.252:8080
37.59.103.148:8080
78.47.204.80:443
138.197.14.67:8080
128.199.242.164:8080
54.37.228.122:443
37.44.244.177:8080
139.59.80.108:8080
218.38.121.17:443
82.98.180.154:7080
114.79.130.68:443
159.65.135.222:7080
174.138.33.49:7080
195.77.239.39:8080
193.194.92.175:443
198.199.70.22:8080
85.214.67.203:8080
93.84.115.205:7080
Targets
-
-
Target
eVx7je8pmI0D.dll
-
Size
519.5MB
-
MD5
0d6e3222a7b50ff036c425a0277d4e7e
-
SHA1
7bca2528fb509727d8fb0168eba542dff7f5d99c
-
SHA256
304b20a068fb800ae7aa1c51cf499ea308b7ebf9290a531f4f491d7a17006ecf
-
SHA512
757264ec64a2d8fb4c147e873b439bb78f889873d93ed36ae11f2ab5a9d4201ac68501c0c6d355d1e45cf08e45d77c905d3e5937a9f10cadf917acdc670c15ed
-
SSDEEP
6144:3aH8hMsydZe0ucCdDjqJ+eDXPaX6CTDrdTq02RKPDYDAFYKHJbEfXxIpXh+IcHwN:9mPuNdDQDXPm6owRg8DcYKHJbMcM/TZ
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Adds Run key to start application
-