General

  • Target

    ec50dd262063dfc0f05309888bd9e76c316af53094c814cddd7f219d9c2035b8.doc

  • Size

    135KB

  • Sample

    200125-mh2dmwb2l6

  • MD5

    b6b654f8b96b22e07299fae57515efe9

  • SHA1

    86283a8aecedc38d4ced7ac806afef5e1296682d

  • SHA256

    ec50dd262063dfc0f05309888bd9e76c316af53094c814cddd7f219d9c2035b8

  • SHA512

    4b8adc695507bc3d6afdb4f22bc17e71b361259dcf967586c24e8d93dfc23db6ea30588c4759e93e362bebccff95ef3597219de65455a0cb23175925ea9c0d02

Malware Config

Extracted

  • Language

    ps1

  • Source URLs

Extracted

  • Family

    emotet

  • Botnet

    Epoch1

  • C2

  • rsa_pubkey.plain

Targets

    • Target

      ec50dd262063dfc0f05309888bd9e76c316af53094c814cddd7f219d9c2035b8.doc

    • Score

      10/10

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails

    • Process spawned unexpected child process

    • Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    Query Registry (2): T1012

    System Information Discovery (2): T1082
