General

  • Target

    33bf31ffc5b3c56199e0b5b8c952aeab2fb5319a73bdfcfc8ed0d5e0295b3c4a

  • Size

    165KB

  • Sample

    191210-vzsg1fmrzs

  • MD5

    5cf413e5abb18bbb37a7bee56aceb604

  • SHA1

    ea484ab3afb50c92f265bf551fccd955249a1a43

  • SHA256

    33bf31ffc5b3c56199e0b5b8c952aeab2fb5319a73bdfcfc8ed0d5e0295b3c4a

  • SHA512

    43c805fb00342fe84fff862a6e39279aff06fbc12eec5366006430467e23b464fbc4b3291770c66db1206bbbc3d02d55bd9a63b32916eaf50acaff5255db95a3

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    https://profileonline360.com/Search-Replace-DB-master/cxesii/

    http://richardciccarone.com/watixl/KbSXxlb/

    http://aminulnakla.com/test/ERmpCOhO/

    http://abanti.mygifts.xyz/resources/u4et7xi3r-n6a4-65/

    http://38seventeen.com/wp-content/eSKnzZS/

Extracted

  • Family

    emotet

  • Botnet

    Epoch3

  • C2

    24.27.122.202:80

    67.171.182.231:80

    190.171.135.235:80

    103.9.145.19:8080

    46.105.128.215:8080

    172.105.213.30:80

    69.30.205.162:7080

    115.179.91.58:80

    181.44.166.242:80

    78.46.87.133:8080

    81.213.145.45:443

    83.156.88.159:80

    210.111.160.220:80

    195.191.107.67:80

    192.241.220.183:8080

    1.32.54.12:8080

    192.161.190.171:8080

    190.189.79.73:80

    122.11.164.183:80

    41.77.74.214:443

  • rsa_pubkey.plain

Targets

    • Target

      33bf31ffc5b3c56199e0b5b8c952aeab2fb5319a73bdfcfc8ed0d5e0295b3c4a

    • Size

      165KB

    • MD5

      5cf413e5abb18bbb37a7bee56aceb604

    • SHA1

      ea484ab3afb50c92f265bf551fccd955249a1a43

    • SHA256

      33bf31ffc5b3c56199e0b5b8c952aeab2fb5319a73bdfcfc8ed0d5e0295b3c4a

    • SHA512

      43c805fb00342fe84fff862a6e39279aff06fbc12eec5366006430467e23b464fbc4b3291770c66db1206bbbc3d02d55bd9a63b32916eaf50acaff5255db95a3

    • Score

      10/10

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Executes dropped EXE

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 3

    System Information Discovery (T1082): 3

Tasks