Overview

overview

10

task1

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    709515b23e5b747439017795a65815ee0b37983e8a39520cc541e85472a7095d

  • Size

    253KB

  • Sample

    200117-3x7fl2ypxn

  • MD5

    0c4197d506665a8bddccd8afce399fb6

  • SHA1

    95ba10caa2cb455e48d1448d61a7f6eee39e1944

  • SHA256

    709515b23e5b747439017795a65815ee0b37983e8a39520cc541e85472a7095d

  • SHA512

    88466fdb025fef67faac6a67e5e40cf95ce5d0728c765b3e218cba466ec523502891afebaf55a215d73a779685250d1261dc27a650a9e7e018999792ff52866a

Score
10/10
emotetepoch2bankertrojan

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://oniongames.jp/contact/iY/
exe.dropper

http://pmthome.com/posta/dr3zxa/
exe.dropper

http://urgeventa.es/img/k35d9q/
exe.dropper

https://solmec.com.ar/sitio/nTXZomKCx/
exe.dropper

https://tiagocambara.com/cgi-bin/s96/

Extracted

Family

emotet

Botnet

Epoch2

C2

68.172.243.146:80

64.40.250.5:80

81.17.92.70:80

91.250.96.22:8080

37.187.72.193:8080

104.131.44.150:8080

167.71.10.37:8080

37.139.21.175:8080

73.11.153.178:8080

192.241.255.77:8080

91.205.215.66:443

201.229.45.222:8080

46.105.131.87:80

188.0.135.237:80

78.142.114.69:80

64.53.242.181:8080

93.147.141.5:443

101.187.134.207:8080

72.189.57.105:80

190.117.126.169:80
rsa_pubkey.plain

Targets

    • Target

      709515b23e5b747439017795a65815ee0b37983e8a39520cc541e85472a7095d

    • Size

      253KB

    • MD5

      0c4197d506665a8bddccd8afce399fb6

    • SHA1

      95ba10caa2cb455e48d1448d61a7f6eee39e1944

    • SHA256

      709515b23e5b747439017795a65815ee0b37983e8a39520cc541e85472a7095d

    • SHA512

      88466fdb025fef67faac6a67e5e40cf95ce5d0728c765b3e218cba466ec523502891afebaf55a215d73a779685250d1261dc27a650a9e7e018999792ff52866a

    Score
    10/10
    trojanbankeremotet

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails

      trojanbankeremotet

    • Process spawned unexpected child process

    • Executes dropped EXE

    task1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks