General

  • Target

    bc85a963caeacf32943c486ace740c260a41b6f16d37de840fbd42f30c6e26f3

  • Size

    245KB

  • Sample

    200116-1czy1x2rfs

  • MD5

    c41c4c0cb5d92600468d2b3646fe5068

  • SHA1

    16fce0d847dede173f123b368b5c309ae34994bf

  • SHA256

    bc85a963caeacf32943c486ace740c260a41b6f16d37de840fbd42f30c6e26f3

  • SHA512

    1ce4f225e23ac32913f4b8b88a652bace401a4a10283f73e940ade020e80da3f37461e1d2f9ef8f4c35bbfe12e4c44830188cd5b53c4f6ab81151a7dee32a1c8

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

Extracted

  • Family

    emotet

  • Botnet

    Epoch2

  • C2


rsa_pubkey.plain

Targets


  • Score

    10/10

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

  • Process spawned unexpected child process

  • Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    Query Registry (2) T1012

    System Information Discovery (2) T1082

Tasks