Overview

overview

10

Static

static

6

E3.bin.exe

windows7_x64

10

E3.bin.exe

windows10_x64

10

Analysis

  • max time kernel
    120s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    09-09-2020 17:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    E3.bin.exe

  • Size

    608KB

  • MD5

    2f29d97e32543fc84bcce2329f7fa67a

  • SHA1

    10a01a286ccd88c8d4851d99a3ed35fd080eeb3a

  • SHA256

    b1bea682ad5cd9c75f156c91d950baf9e7b6e2febc2c775f5f7eefe681c6bda4

  • SHA512

    b2e46a07daa43eef710a9a1911a09a4022eda136c822fbdaf4c264e6664e5a8009cf84ab2d91a0e41b533525b8fdd959edbf071f772df524fbcba9d5bd7112d7

Score
10/10
trojanbankeremotet

Malware Config

Extracted

Family

emotet

C2

190.194.12.132:80

51.254.140.91:7080

51.75.163.68:7080

162.144.42.60:8080

77.74.78.80:443

143.95.101.72:8080

81.214.253.80:443

222.159.240.58:80

37.205.9.252:7080

45.182.161.17:80

188.0.135.237:80

118.10.44.53:80

223.17.215.76:80

80.200.62.81:20

179.191.239.255:80

172.105.78.244:8080

181.122.154.240:80

41.185.29.128:8080

198.57.203.63:8080

179.62.238.49:80
rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\E3.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\E3.bin.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/900-0-0x00000000001C0000-0x00000000001D2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/900-1-0x0000000000270000-0x0000000000280000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1596-2-0x000007FEF6BB0000-0x000007FEF6E2A000-memory.dmp

    Filesize

    2.5MB

    Download