emotet

General

Target

rapport_28024-52319151.doc
Size

168KB
Sample

210106-pky38fv7kn
MD5

39a05922d34642ee4958304add8d54eb
SHA1

3cb5fd2ba8ad02ce3249fae91a8aeacc9f4deacb
SHA256

97db35169efb4ca721fe80b4450f20bb14bc9bbef1e971c06696aeff14b87d2e
SHA512

8488991a4a866d85f34680d2a9e5d9268de2b24a9059ec920542b6938222ef948a50e1826b8a154fe4ab4cd859e025407213f2c325c3f7634f0eeea5a8c03649

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://petafilm.com/wp-admin/4m/

exe.dropper

http://givingthanksdaily.com/qlE/VeF/

exe.dropper

http://wap.zhonglisc.com/wp-includes/QryCB/

exe.dropper

https://fnjbq.com/wp-includes/rlR/

exe.dropper

https://sakhisuhaninarijeevika.com/wp-includes/CvGUjvE/

exe.dropper

http://zieflix.teleskopstore.com/cgi-bin/Gt3S/

exe.dropper

https://somanap.com/wp-admin/P/

Extracted

Family

emotet

Botnet

Epoch1

C2

5.2.136.90:80

186.147.237.3:8080

138.197.99.250:8080

167.71.148.58:443

211.215.18.93:8080

187.162.248.237:80

1.226.84.243:8080

110.39.160.38:443

5.196.35.138:7080

59.148.253.194:8080

45.16.226.117:443

95.76.153.115:80

181.61.182.143:80

46.43.2.95:8080

188.135.15.49:80

81.215.230.173:443

45.4.32.50:80

81.214.253.80:443

94.176.234.118:443

212.71.237.140:8080

rsa_pubkey.plain

Targets

- Target
  
  rapport_28024-52319151.doc
- Size
  
  168KB
- MD5
  
  39a05922d34642ee4958304add8d54eb
- SHA1
  
  3cb5fd2ba8ad02ce3249fae91a8aeacc9f4deacb
- SHA256
  
  97db35169efb4ca721fe80b4450f20bb14bc9bbef1e971c06696aeff14b87d2e
- SHA512
  
  8488991a4a866d85f34680d2a9e5d9268de2b24a9059ec920542b6938222ef948a50e1826b8a154fe4ab4cd859e025407213f2c325c3f7634f0eeea5a8c03649
Score

10^/10

emotet epoch1 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2