Overview

overview

10

task1

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b11e519a8f42bf7595ffeef2ec73eca776e8890ffcad84ffce350bfc00b1058a

  • Size

    232KB

  • Sample

    200114-c7km6gspqn

  • MD5

    25d71110cd372ea9263078494e378f59

  • SHA1

    bf9e54f912a4341e0e44f5df9c301cae36f46418

  • SHA256

    b11e519a8f42bf7595ffeef2ec73eca776e8890ffcad84ffce350bfc00b1058a

  • SHA512

    7e101154814fb1d60f5cfa07ac01898f70c28a8befd473963462dac15482bfa83f56d69ffd63b8040abab65e6970341db655dc3ddb97bdb5fec336724d167cb4

Score
10/10
emotetepoch2bankertrojan

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://bkj2002.com/wp-content/bY/
exe.dropper

https://topagency.nathanonline.us/wp-admin/e1p/
exe.dropper

https://dukeata.com/login_form/jAle/
exe.dropper

https://howelltaxi.com/wp-admin/jX/
exe.dropper

https://lausinexamenes.com/disclosures/6bp/

Extracted

Family

emotet

Botnet

Epoch2

C2

70.175.171.251:80

177.239.160.121:80

89.211.186.227:443

91.250.96.22:8080

37.187.72.193:8080

104.131.44.150:8080

167.71.10.37:8080

181.143.126.170:80

190.53.135.159:21

200.116.145.225:443

139.130.242.43:80

37.139.21.175:8080

103.86.49.11:8080

45.51.40.140:80

221.165.123.72:80

31.172.240.91:8080

78.189.180.107:80

178.153.176.124:80

182.176.132.213:8090

201.184.105.242:443
rsa_pubkey.plain

Targets

    • Target

      b11e519a8f42bf7595ffeef2ec73eca776e8890ffcad84ffce350bfc00b1058a

    • Size

      232KB

    • MD5

      25d71110cd372ea9263078494e378f59

    • SHA1

      bf9e54f912a4341e0e44f5df9c301cae36f46418

    • SHA256

      b11e519a8f42bf7595ffeef2ec73eca776e8890ffcad84ffce350bfc00b1058a

    • SHA512

      7e101154814fb1d60f5cfa07ac01898f70c28a8befd473963462dac15482bfa83f56d69ffd63b8040abab65e6970341db655dc3ddb97bdb5fec336724d167cb4

    Score
    10/10
    trojanbankeremotet

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails

      trojanbankeremotet

    • Process spawned unexpected child process

    • Executes dropped EXE

    • Drops file in System32 directory

    task1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks