General
-
Target
Documento.xlsm
-
Size
209KB
-
Sample
220224-prryzsdaa3
-
MD5
5acc6f1ff8366ddc895392da4e6a50e3
-
SHA1
45b3ef65a4dabdbbefec603fe3dca9bfb1c5c643
-
SHA256
0bb184f9c3e9cda4571bd806b90dbda484c331d9dce7af784405fd211f6c71c4
-
SHA512
dc1921d8e4c2a2496d1d44f4079e1518015aec4854eed6f7759136bc42b21e39305efc5285a9dd1ab846a73a6dbd04faa60489d0bfc38e00f416fd0ff443dc70
Behavioral task
behavioral1
Sample
Documento.xlsm
Resource
win7-20220223-en
Malware Config
Extracted
https://www.swaong.com/assets/VV4/
Extracted
emotet
Epoch4
135.148.121.246:8080
213.190.4.223:7080
175.107.196.192:80
46.55.222.11:443
153.126.203.229:8080
138.185.72.26:8080
45.118.135.203:7080
107.182.225.142:8080
195.154.133.20:443
79.172.212.216:8080
129.232.188.93:443
50.30.40.196:8080
131.100.24.231:80
58.227.42.236:80
216.158.226.206:443
45.118.115.99:8080
51.254.140.238:7080
173.212.193.249:8080
110.232.117.186:8080
81.0.236.90:443
158.69.222.101:443
103.75.201.2:443
185.157.82.211:8080
176.104.106.96:8080
82.165.152.127:8080
156.67.219.84:7080
212.237.17.99:8080
178.128.83.165:80
162.243.175.63:443
45.142.114.231:8080
103.134.85.85:80
178.79.147.66:8080
31.24.158.56:8080
103.75.201.4:443
217.182.143.207:443
159.8.59.82:8080
164.68.99.3:8080
209.126.98.206:8080
207.38.84.195:8080
119.235.255.201:8080
212.24.98.99:8080
212.237.56.116:7080
50.116.54.215:443
45.176.232.124:443
203.114.109.124:443
Targets
-
-
Target
Documento.xlsm
-
Size
209KB
-
MD5
5acc6f1ff8366ddc895392da4e6a50e3
-
SHA1
45b3ef65a4dabdbbefec603fe3dca9bfb1c5c643
-
SHA256
0bb184f9c3e9cda4571bd806b90dbda484c331d9dce7af784405fd211f6c71c4
-
SHA512
dc1921d8e4c2a2496d1d44f4079e1518015aec4854eed6f7759136bc42b21e39305efc5285a9dd1ab846a73a6dbd04faa60489d0bfc38e00f416fd0ff443dc70
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Drops file in System32 directory
-