emotet | 5452b9448c3310adaa86f6020c32d6ae4727fce5049f613ad9242e2f35e94eff | Triage

Sharing

General

Target

INVOICE JSM9193_1565826.doc
Size

73KB
Sample

200129-tw57ntqase
MD5

ff53bc8e127ca05241c53cd4a50df412
SHA1

6640c882b606fc8b297a5b1d8bf6c8b68a95f0c4
SHA256

5452b9448c3310adaa86f6020c32d6ae4727fce5049f613ad9242e2f35e94eff
SHA512

b1e6b10ee77a6e46a9d4b7a556bfbf21ed383994b92b43754fc46920f369257873293743731bc0202030f2e6b747c07fe28e683402f9cafe365225feb75e23c8

Score

10^/10

emotet epoch3 banker trojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

186.10.98.177:80

154.70.158.97:80

95.66.182.136:80

68.183.18.169:8080

178.62.75.204:8080

178.33.167.120:8080

144.76.56.36:8080

61.204.119.188:443

163.172.107.70:8080

156.155.163.232:80

91.117.31.181:80

153.183.25.24:80

110.2.118.164:80

195.250.143.182:80

162.154.175.215:80

50.116.78.109:8080

72.176.87.136:80

184.162.115.11:443

37.70.131.107:80

181.39.96.86:443

rsa_pubkey.plain

Targets

- Target
  
  INVOICE JSM9193_1565826.doc
- Size
  
  73KB
- MD5
  
  ff53bc8e127ca05241c53cd4a50df412
- SHA1
  
  6640c882b606fc8b297a5b1d8bf6c8b68a95f0c4
- SHA256
  
  5452b9448c3310adaa86f6020c32d6ae4727fce5049f613ad9242e2f35e94eff
- SHA512
  
  b1e6b10ee77a6e46a9d4b7a556bfbf21ed383994b92b43754fc46920f369257873293743731bc0202030f2e6b747c07fe28e683402f9cafe365225feb75e23c8
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
task1 task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

task1

trojanbankeremotet

task2

trojanbankeremotet