General
-
Target
emotet_e1_45e691f571f8909970ad0e971e3938bcb3b65f8c0f741213b9dfe6cd64ba5062_2020-10-26__121000216987._fpx
-
Size
167KB
-
Sample
201026-kfxsaew8d2
-
MD5
25c855ae9ffa280bc8397500ef0b1c2e
-
SHA1
c5f7ffc4f84e2494473277d797207c092bb59adb
-
SHA256
45e691f571f8909970ad0e971e3938bcb3b65f8c0f741213b9dfe6cd64ba5062
-
SHA512
5ba37671f54c349f74cb370edea971f78794d98ee03c627f1018231682df738943a8eae4b14d7420b20101d494a7ced6c712967ac35c78c4eab6ead4ea987476
Static task
static1
Behavioral task
behavioral1
Sample
emotet_e1_45e691f571f8909970ad0e971e3938bcb3b65f8c0f741213b9dfe6cd64ba5062_2020-10-26__121000216987._fpx.doc
Resource
win7
Malware Config
Extracted
http://innhanmacquanaogiare.com/wp-includes/Jh1/
http://www.edgeclothingmcr.com/indexing/c9/
https://thepremiumplace.com/wp-content/5/
https://florinconsultancy.com/wp-content/1/
https://udaysolopiano.com/wp-content/J/
https://sanayate.com/wp-includes/hd/
https://www.jorgecoronel.com/webmaster/kYH/
Extracted
emotet
Epoch1
81.214.253.80:443
94.23.62.116:8080
98.103.204.12:443
59.148.253.194:8080
197.232.36.108:80
74.58.215.226:80
79.118.74.90:80
181.123.6.86:80
5.89.33.136:80
137.74.106.111:7080
189.223.16.99:80
187.162.248.237:80
181.61.182.143:80
129.232.220.11:8080
178.211.45.66:8080
45.33.77.42:8080
94.176.234.118:443
128.92.203.42:80
12.162.84.2:8080
212.71.237.140:8080
24.135.69.146:80
190.190.219.184:80
37.183.81.217:80
201.71.228.86:80
191.97.154.2:80
152.169.22.67:80
191.182.6.118:80
186.70.127.199:8090
201.213.177.139:80
197.245.25.228:80
2.85.9.41:8080
188.157.101.114:80
51.15.7.145:80
87.106.46.107:8080
185.183.16.47:80
82.76.111.249:443
217.13.106.14:8080
190.24.243.186:80
70.32.84.74:8080
46.43.2.95:8080
188.135.15.49:80
186.103.141.250:443
175.143.12.123:8080
2.45.176.233:80
209.236.123.42:8080
51.255.165.160:8080
190.115.18.139:8080
168.197.45.36:80
37.187.161.206:8080
190.101.156.139:80
173.68.199.157:80
82.76.52.155:80
68.183.170.114:8080
70.169.17.134:80
177.144.130.105:8080
201.49.239.200:443
170.81.48.2:80
64.201.88.132:80
77.238.212.227:80
213.197.182.158:8080
138.97.60.141:7080
174.118.202.24:443
177.129.17.170:443
37.179.145.105:80
50.28.51.143:8080
12.163.208.58:80
172.86.186.21:8080
46.101.58.37:8080
45.46.37.97:80
188.251.213.180:80
68.183.190.199:8080
60.93.23.51:80
181.56.32.36:80
46.105.114.137:8080
192.232.229.54:7080
177.144.130.105:443
178.250.54.208:8080
109.190.35.249:80
183.176.82.231:80
1.226.84.243:8080
74.135.120.91:80
149.202.72.142:7080
177.23.7.151:80
219.92.13.25:80
5.196.35.138:7080
213.52.74.198:80
202.134.4.210:7080
81.215.230.173:443
76.121.199.225:80
138.97.60.140:8080
24.232.228.233:80
200.59.6.174:80
216.47.196.104:80
83.169.21.32:7080
189.2.177.210:443
181.30.61.163:443
192.241.143.52:8080
172.104.169.32:8080
70.32.115.157:8080
181.129.96.162:8080
109.190.249.106:80
111.67.12.221:8080
190.188.245.242:80
177.73.0.98:443
85.214.26.7:8080
51.75.33.127:80
62.84.75.50:80
103.236.179.162:80
98.13.75.196:80
181.58.181.9:80
177.107.79.214:8080
186.189.249.2:80
104.131.41.185:8080
77.78.196.173:443
185.94.252.27:443
Targets
-
-
Target
emotet_e1_45e691f571f8909970ad0e971e3938bcb3b65f8c0f741213b9dfe6cd64ba5062_2020-10-26__121000216987._fpx
-
Size
167KB
-
MD5
25c855ae9ffa280bc8397500ef0b1c2e
-
SHA1
c5f7ffc4f84e2494473277d797207c092bb59adb
-
SHA256
45e691f571f8909970ad0e971e3938bcb3b65f8c0f741213b9dfe6cd64ba5062
-
SHA512
5ba37671f54c349f74cb370edea971f78794d98ee03c627f1018231682df738943a8eae4b14d7420b20101d494a7ced6c712967ac35c78c4eab6ead4ea987476
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Emotet Payload
Detects Emotet payload in memory.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation