Overview

overview

10

task1

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    115088a6fc23e09b797f8256fd67ee60eae48df940103b7607f7d171523dd47e

  • Size

    183KB

  • Sample

    191220-a7zes4m8rs

  • MD5

    03dc2eb86067cd6c728756bcc340ea51

  • SHA1

    afce05bc5862b88049220e1ef68b6257d3244b48

  • SHA256

    115088a6fc23e09b797f8256fd67ee60eae48df940103b7607f7d171523dd47e

  • SHA512

    03d7b99175c9501ace8c8d8abd5fa804bec544f946f7acab9684006c756943d905c25e2b3d3a93b184446bd0e30326658b803fc53c7d64df09870ca3c7829fec

Score
10/10
emotetepoch1bankertrojan

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://peikeshargh.com/wp-admin/HXU15i/
exe.dropper

http://cooklawyerllc.com/DB/XygG68105/
exe.dropper

https://www.meditationmusic.shop/musicshop/MYatxrUp/
exe.dropper

http://magic-in-china.com/wovltk23ld/f9aH1153/
exe.dropper

http://www.ikedi.info/wp-content/x4f7893/

Extracted

Family

emotet

Botnet

Epoch1

C2

177.180.115.224:80

177.242.21.126:80

190.210.236.139:80

144.217.117.207:8080

96.126.121.64:443

104.236.137.72:8080

85.234.143.94:8080

5.88.27.67:8080

37.187.6.63:8080

186.15.83.52:8080

201.213.32.59:80

97.81.12.153:80

178.79.163.131:8080

138.68.106.4:7080

217.199.160.224:8080

181.61.143.177:80

189.19.81.181:443

186.68.48.204:443

118.36.70.245:80

80.11.158.65:8080
rsa_pubkey.plain

Targets

    • Target

      115088a6fc23e09b797f8256fd67ee60eae48df940103b7607f7d171523dd47e

    • Size

      183KB

    • MD5

      03dc2eb86067cd6c728756bcc340ea51

    • SHA1

      afce05bc5862b88049220e1ef68b6257d3244b48

    • SHA256

      115088a6fc23e09b797f8256fd67ee60eae48df940103b7607f7d171523dd47e

    • SHA512

      03d7b99175c9501ace8c8d8abd5fa804bec544f946f7acab9684006c756943d905c25e2b3d3a93b184446bd0e30326658b803fc53c7d64df09870ca3c7829fec

    Score
    10/10
    trojanbankeremotet

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails

      trojanbankeremotet

    • Process spawned unexpected child process

    • Executes dropped EXE

    • Drops file in System32 directory

    task1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks