General

  • Target

    ca99f191c3ae6a2034d8370f23374146725012b89a87773d3675eb41a1176599

  • Size

    232KB

  • Sample

    200114-7rr59yjph2

  • MD5

    621d2c650f99659d758b278a96d70411

  • SHA1

    427663c2443c7da198a9f48063b8a7c09840e3cb

  • SHA256

    ca99f191c3ae6a2034d8370f23374146725012b89a87773d3675eb41a1176599

  • SHA512

    dbc8253b137850fb6f08f5e182402cf1e3612fbf20f11be95875ed54d157cfada98eb72f71cb55d3ddec95b2e44fe86498a0d49e50a38ec96557911de84069df

Malware Config

Extracted

  • Language

    ps1

  • Source / URLs

    exe.dropper    http://www.opccmission.org/wp-includes/PRQWj892236/

    exe.dropper    http://butterflyvfx.synergy-college.org/3fb7513/

    exe.dropper    https://www.app48.cn/logreport/01416692/

    exe.dropper    http://diek.nou.nl/app/gC4059/

    exe.dropper    http://www.aiga.it/wp-admin/2Hf689/

Extracted

  • Family

    emotet

  • Botnet

    Epoch1

  • C2

    99.252.27.6:80

    152.231.89.226:80

    86.123.138.76:80

    192.241.143.52:8080

    159.65.241.220:8080

    45.79.95.107:443

    69.163.33.84:8080

    37.187.6.63:8080

    59.120.5.154:80

    188.135.15.49:80

    125.99.61.162:7080

    120.150.247.164:80

    189.19.81.181:443

    190.210.236.139:80

    190.17.44.48:80

    142.93.114.137:8080

    93.144.226.57:80

    172.104.169.32:8080

    178.79.163.131:8080

    94.200.126.42:80

  • rsa_pubkey.plain

Targets

    • Target

      ca99f191c3ae6a2034d8370f23374146725012b89a87773d3675eb41a1176599

    • Size

      232KB

    • MD5

      621d2c650f99659d758b278a96d70411

    • SHA1

      427663c2443c7da198a9f48063b8a7c09840e3cb

    • SHA256

      ca99f191c3ae6a2034d8370f23374146725012b89a87773d3675eb41a1176599

    • SHA512

      dbc8253b137850fb6f08f5e182402cf1e3612fbf20f11be95875ed54d157cfada98eb72f71cb55d3ddec95b2e44fe86498a0d49e50a38ec96557911de84069df

    • Score

      10/10

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails

    • Process spawned unexpected child process

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks