General

  • Target: Docs_7f6f469f6981d4a92806d0d3b706e258.1
  • Size: 127KB
  • Sample: 191216-6th7p8k31a
  • MD5: 7f6f469f6981d4a92806d0d3b706e258
  • SHA1: b62ce47650a8cad8dc922fdf54db41e5c2fc0b4c
  • SHA256: 0dfb26cd2eb02c921a9c73c9c5615dfb666cdd33971639d6441eb6893ae2efe1
  • SHA512: 96ab1419ab38bc0958ab7d0d130efda8302f3f07555753882d28ca19fd0f73a5f781fdf617a741503b8b858dec1d182b08c880c48c5875e672462880b600a8bd

Malware Config

Extracted

Language: ps1
Source: URLs (exe.dropper)

Extracted

Family: emotet
Botnet: Epoch3

C2

rsa_pubkey.plain

Targets


    • Emotet: Emotet is a trojan that is primarily spread through spam emails.
    • Executes dropped EXE
    • Windows security modification
    • Checks system information in the registry: system information is often read in order to detect sandboxing environments.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks