General
-
Target
extracted_at_0x0.zip
-
Size
975KB
-
Sample
230330-zzmdksff81
-
MD5
eedd1eb676236c7d870d155d09e321e6
-
SHA1
a9c0fc5b8da3d3ab51c3737231a15cbf59875585
-
SHA256
420f4d1d22c84c9c318d304c9d23a4cfc50194b171d12aa139547a138e84071d
-
SHA512
29eb6a8927ed91e26b6d8774af8320a1fc9836b7f310739532cce8c2853c68679a78a67054cdf96f31e058661cf531d24a749c625357398d1ab7adfbf5ac11e7
-
SSDEEP
12288:Okf5dOzheNdckFRKluvnRHXdhbDHfXZX1EKdxKmSTH4deK:dXzNdfKluvnRHthzfoYxJlT
Malware Config
Extracted
emotet
Epoch4
213.239.212.5:443
129.232.188.93:443
103.43.75.120:443
197.242.150.244:8080
1.234.2.232:8080
110.232.117.186:8080
95.217.221.146:8080
159.89.202.34:443
159.65.88.10:8080
82.223.21.224:8080
169.57.156.166:8080
45.176.232.124:443
45.235.8.30:8080
173.212.193.249:8080
107.170.39.149:8080
119.59.103.152:8080
167.172.199.165:8080
91.207.28.33:8080
185.4.135.165:8080
104.168.155.143:8080
Targets
-
-
Target
ZTt71JOZkARnhsX0wNYTrNWUu.dll
-
Size
535.9MB
-
MD5
1e9268ef46de69a2323becab20ca7c8e
-
SHA1
5a3a781127ab745a321ef8b8caaffa7f96a2c323
-
SHA256
fd1fdb7faa22021501f10a006a702efe765840a52d6114a48f46dc66c166da93
-
SHA512
6d8880f060f20ae0b78f19e99e1bcab6c1fe9546623e0d3e10744b97144e2b202451a5535377cc447d2ceb8fface4652acd14b1b5adef43291933ba779d81d6c
-
SSDEEP
12288:6iWi2RszBxSICcO5w6SudYEW/N4HTJ4NYu3cX:4inOcO5wJVETHTJwYusX
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Adds Run key to start application
-