General

  • Target

    aa5b4af7134bfa63da59394759a96446206d407cf1f98e51a116ec18f019a4e8.doc

  • Size

    175KB

  • Sample

    200128-ax2z4shrf6

  • MD5

    76c649f7c056615a78723db21b465010

  • SHA1

    753312efff9395dea5f7ef01083e64ef6399c2df

  • SHA256

    aa5b4af7134bfa63da59394759a96446206d407cf1f98e51a116ec18f019a4e8

  • SHA512

    51ae10fd5a77aef141bc679d32465e7c31ce8609102bad88ecf47de9d362dce0f96fb10538c8419bbd5bb3a06ffe6623f24e961c2a3afa159f0e3c5c0e76f0bd

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

Extracted

  • Family

    emotet

  • Botnet

    Epoch1

C2


rsa_pubkey.plain

Targets


    • Score

      10/10
    • Emotet

      Emotet is a trojan that is primarily spread through spam emails

    • Process spawned unexpected child process

    • Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (2)

    T1012

  • System Information Discovery (2)

    T1082

Tasks