General

  • Target

    44abe729410d044a2cef2aaa8082e26a3fc1c5b6d3c143279e02a0cd41877394

  • Size

    199KB

  • Sample

    191218-n6ns3fr5gx

  • MD5

    876adc3b0a0be0d6621483a8257becd5

  • SHA1

    194d1a535065b9d4616c4f9ae4f8668047130295

  • SHA256

    44abe729410d044a2cef2aaa8082e26a3fc1c5b6d3c143279e02a0cd41877394

  • SHA512

    c343cfdc3864791807cdb5c38d5ec93f508590ae9750724d21252cda7f3a0e97cd963736a0dda73ddf9840a79671113f78100207fe7d08fd14e3d2707c3ce94c

Malware Config

  • Extracted

    Language
      ps1

    Source
      URLs

    exe.dropper
      https://silverswiss.com/wp-includes/t5gp93/
      http://golford.com/wp-includes/nhens61255/
      https://limraitech.com/wp/2uknv7403/
      http://wdbusinessconsultant.com/wp-includes/uzse8/
      https://traceidentified.com/ranchLib/g5ynhrm62391/

  • Extracted

    Family
      emotet

    Botnet
      Epoch1

    C2
      63.248.198.8:80
      189.19.81.181:443
      130.204.247.253:80
      96.126.121.64:443
      104.236.137.72:8080
      85.234.143.94:8080
      51.255.165.160:8080
      118.36.70.245:80
      190.210.184.138:995
      188.135.15.49:80
      139.162.118.88:8080
      72.29.55.174:80
      68.183.170.114:8080
      181.231.62.54:80
      192.241.146.84:8080
      71.76.45.83:443
      63.246.252.234:80
      37.211.49.127:80
      74.59.187.94:80
      5.88.27.67:8080

    rsa_pubkey.plain

Targets

    • Target

      44abe729410d044a2cef2aaa8082e26a3fc1c5b6d3c143279e02a0cd41877394

    • Size

      199KB

    • MD5

      876adc3b0a0be0d6621483a8257becd5

    • SHA1

      194d1a535065b9d4616c4f9ae4f8668047130295

    • SHA256

      44abe729410d044a2cef2aaa8082e26a3fc1c5b6d3c143279e02a0cd41877394

    • SHA512

      c343cfdc3864791807cdb5c38d5ec93f508590ae9750724d21252cda7f3a0e97cd963736a0dda73ddf9840a79671113f78100207fe7d08fd14e3d2707c3ce94c

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails

    • Process spawned unexpected child process

    • Executes dropped EXE

    • Modifies system certificate store

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks