General
-
Target
payment.zip
-
Size
677KB
-
Sample
230323-gjp6esfg4x
-
MD5
ade4edb6cf3fa63c311afb196f995208
-
SHA1
14b159c8223342386adf17b8f7e2ed4c3ae265b0
-
SHA256
e2d76294e4c59a13b9cf80def7c91994d4b1ea6a610708d73684d71abff972a5
-
SHA512
10f95dba778f0c6c8765791944786d43290f8a6108064f78ba3c04aa14a4f4b61be9f315ce48b60b607dd24018d89de370d9bcb7e0f14545e3457497c6228854
-
SSDEEP
3072:5cJ4Y7C2UYBbenRoTwWAvuN9nyEeTHuhluAQ/RrrLZNQxBlGT40Fb:GSgC2U4QRfr4nyEsHu7u3rrglb09
Malware Config
Extracted
emotet
Epoch4
213.239.212.5:443
129.232.188.93:443
103.43.75.120:443
197.242.150.244:8080
1.234.2.232:8080
110.232.117.186:8080
95.217.221.146:8080
159.89.202.34:443
159.65.88.10:8080
82.223.21.224:8080
169.57.156.166:8080
45.176.232.124:443
45.235.8.30:8080
173.212.193.249:8080
107.170.39.149:8080
119.59.103.152:8080
167.172.199.165:8080
91.207.28.33:8080
185.4.135.165:8080
104.168.155.143:8080
Targets
-
-
Target
payment.doc
-
Size
548.2MB
-
MD5
078be6c1c7e37936317cfe515046ff8d
-
SHA1
6591f514e4470595b660649368d59a50cb70b03c
-
SHA256
dec0cb56b8fde11f21cab50f55e08e29e89854a6e05a5d3b940c860589c56117
-
SHA512
d1f30293779b644e43213edf3d854bcda725a10bc1abadad1bed02abb248a5660c902f818276834334cbd9592ec541e4d260b33c1f6a447dafb8591fad3f793d
-
SSDEEP
3072:brrCtKZF4eqZ627NHRxMvOwvzpl+vk6jZc:5F4eqYwHMvfvzpKk6Nc
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-
Adds Run key to start application
-