Overview

overview

10

task1

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb4eb20a88f40b3879d636e628d900f8cc7725d7029eb535b7144117fe9a079c

  • Size

    249KB

  • Sample

    200117-8hq6adymtn

  • MD5

    641656489c02ceaf8db5ef7556dfa4ae

  • SHA1

    c4f58cc287ca965d7c3ca8e331b009e917492199

  • SHA256

    fb4eb20a88f40b3879d636e628d900f8cc7725d7029eb535b7144117fe9a079c

  • SHA512

    e0eba2bcd1d9752e8157d24f294414aa865694acb6c366c84f0035c6099e24576a0a2d576ea6cb953d9cc3c1f738124ee8dfd1489fd575372eccd3743d595909

Score
10/10
emotetepoch3bankertrojan

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://friendzonecafe.com/cgi-bin/JNjiKG/
exe.dropper

http://www.jalanuang.com/wp-content/wfwwwTbw/
exe.dropper

http://erfanpich.com/wp-includes/iCWesb/
exe.dropper

https://myevol.biz/office365/JypsIM/
exe.dropper

http://aminanchondo.com/wp-admin/qdedi66f4-ts7-841192/

Extracted

Family

emotet

Botnet

Epoch3

C2

177.103.240.93:80

197.94.32.129:8080

58.92.179.55:443

124.150.175.133:80

143.95.101.72:8080

91.205.173.150:8080

69.30.205.162:7080

125.209.114.180:443

78.210.132.35:80

112.186.195.176:80

183.87.40.21:8080

91.83.93.103:443

66.229.161.86:443

114.179.127.48:80

41.77.74.214:443

122.19.63.27:80

50.116.78.109:8080

200.82.88.254:80

42.51.192.231:8080

160.119.153.20:80
rsa_pubkey.plain

Targets

    • Target

      fb4eb20a88f40b3879d636e628d900f8cc7725d7029eb535b7144117fe9a079c

    • Size

      249KB

    • MD5

      641656489c02ceaf8db5ef7556dfa4ae

    • SHA1

      c4f58cc287ca965d7c3ca8e331b009e917492199

    • SHA256

      fb4eb20a88f40b3879d636e628d900f8cc7725d7029eb535b7144117fe9a079c

    • SHA512

      e0eba2bcd1d9752e8157d24f294414aa865694acb6c366c84f0035c6099e24576a0a2d576ea6cb953d9cc3c1f738124ee8dfd1489fd575372eccd3743d595909

    Score
    10/10
    trojanbankeremotet

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails

      trojanbankeremotet

    • Process spawned unexpected child process

    • Executes dropped EXE

    • Drops file in System32 directory

    task1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks