Missing Invoice Email Trojan

description: Email claims the user has missed an invoice and includes Microsoft Word macro malware (Emotet)

publish date:

reference:

IOC Table
total 55