Overview

overview

8

Static

static

NoNet

windows10_x64

8

NoNet

windows10_x64

8

NoNet

windows10_x64

8

NoNet

windows10_x64

8

NoNet

windows10_x64

8

NoNet

windows10_x64

8

NoNet

windows10_x64

8

NoNet

windows10_x64

8

NoNet

windows10_x64

8

NoNet

windows10_x64

8

NoNet

windows10_x64

8

NoNet

windows10_x64

8

NoNet

windows10_x64

8

NoNet

windows10_x64

8

NoNet

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    emotet-dll-20210112.zip

  • Size

    2.0MB

  • Sample

    210113-yh4m28a9na

  • MD5

    4c9e1d08bde0eff1b06308c003b37ea6

  • SHA1

    a55e40dbc2a8053052d53ffa6876953287b5a3f9

  • SHA256

    6aac3f272eb5c624a17e86377b2b6b5f8ea2331c865c51c8de111e0b7be3d9a3

  • SHA512

    80bad86edffde2170f8da3e75960ce4d22e2786d6b31c0ea7d51a84d7a26f05e1c1cf4b0774f9171e35c90a49b1f72db6054a08a21c908d28719d04fca422748

Score
8/10

Malware Config

Targets

    • Target

      E1-20191211_134358

    • Size

      275KB

    • MD5

      482d7ce178fde6369212b422f79a0fe0

    • SHA1

      fa1bdbbe44f2d250ab90e4eb0c723fd87f1c56a1

    • SHA256

      1c29ee38b530d12f332c77992f14a559af48b0ee44cd9dc2715aae9e374f17ba

    • SHA512

      6743c211738c078104051d5d00eea2a418f71b4e345d47f89c56b051584b8af549b2c1a3ff5b5f4d7a5c8ba307698afb8f2cdd14cdd06310f285b0a4856d0e42

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1

    • Target

      E1-20210112_173733

    • Size

      331KB

    • MD5

      08fdfe1ca632fa31140e2cbd84794bd5

    • SHA1

      0c51aad4c21dc66cfc347d472b6d9768470ce4b1

    • SHA256

      f93544c3fd1fbbcc9f0eca7960234a7d3ca56787410d8273ccb0aa42f2103e53

    • SHA512

      0ea7341140b21bfb8e3463ffb852b45e4c27be427bd1a6e528da91c536d19559e83d6a7044fb7a2e3bf4c200a0869517a840eaf3d68a98523f983dfb0d52fdec

    Score
    8/10

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral2

    • Target

      E1-20210112_211120

    • Size

      329KB

    • MD5

      f0f010b670c71181195f94d189ec8b53

    • SHA1

      1ca5b0b9cc00bc4a764b5ee00ca5aaf4a981a903

    • SHA256

      55eeb041b6efeb4fba80c2cc36f16266d2d83040a780b04cdc836952099d8e3f

    • SHA512

      3049eea8509b27378d94e2f66b2397358fcc1f1e017f56a8280b81b70ef6cfb89a35e1ddda9e20bf315ed3a6ed56a38d74b3b8d9d228171d575a43c2f1865bb6

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral3

    • Target

      E1-20210112_221451

    • Size

      331KB

    • MD5

      2375a730cb7a33413aba7447daa16bf6

    • SHA1

      b4e51c782824d40cd736b0963e516567ac6a5d88

    • SHA256

      e84ddc7edcac189655963d665bb2283847f6e1ccbbee1a96b23adaa2b65b04a9

    • SHA512

      3c418fd0ad364d8b23b3a5829f293caf6fdac9fb37c20b69e6b474b3ebbed45136712110b32d5b3cb1cf58a815bb68c9f2d4a82e92cfeccd7584f3ea9ede9d94

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral4

    • Target

      E1-20210112_230552

    • Size

      331KB

    • MD5

      326450493a6a872b95c90af0651e46ae

    • SHA1

      4c1ccd0ee13963864fdb9c9931b93e2a302bf2a8

    • SHA256

      9706c1e6cf0a5e79969541600c5139e5c41692b0ae94e3f900a9960b8612822a

    • SHA512

      4e772ca0a7b6c59a5c2152ce55794f2d3cbf60c7aa86344df742b505863e9d1b89507ceb0e41f6ddf4a4f48a2f7bf1a026465a8c88ff40044038f8e65596af5f

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral5

    • Target

      E2-20191211_134358

    • Size

      269KB

    • MD5

      b0cc1643b51ebc1d25a7de6cbc504edc

    • SHA1

      2a09dd2d222ca512753420e26b984ba3a7cca63f

    • SHA256

      771484c14f09249f55c153663ed58a68c17825e915eb01832e16717c6afa9c48

    • SHA512

      5a440b1254e8344c2c73255687d8bc3a49ba5e6f2f3ec4e411bec122320db6c64ecfe999d765ce91df5ab58a0d2af491068ffa14db89fb75d5d2d6f078c55ef5

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral6

    • Target

      E2-20210112_173730

    • Size

      332KB

    • MD5

      0c30c16d7223afd443251a117ffebd9b

    • SHA1

      2708bdea5bf694974d92bb3843e6041061ed6ee7

    • SHA256

      4aed7b3ade19e0e4ffabc13ad03713d2bafc003e9f489422f744eb3c463bf204

    • SHA512

      b4676fcd5941387aee986d137780beba205ea830365ed3d3283aec811350f7234eb218a732f06a202d4abbe8e9f0eb4798c96e3658eb4f05056b5b271ce2370e

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral7

    • Target

      E2-20210112_211117

    • Size

      326KB

    • MD5

      c4a8911d28912ce37a105b3d7c03ce40

    • SHA1

      8516a73f008136ba8eccaa74bd64d5016a7b3d06

    • SHA256

      726051e45495e6c807696107009e4875a01b2df99f36e0a296da8ee39ae3f9a3

    • SHA512

      68db8affb199b6f7acfdd7f41fae017da6462fc60c8c14d6c5673ec8f44c72f9a2ededba3a8682b637501cf6635efe571c04d76f861ae5b7a52cd6df09cad234

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral8

    • Target

      E2-20210112_221448

    • Size

      332KB

    • MD5

      f3c82d843b1b6e9a2595a6dfef54e729

    • SHA1

      725addc54f88be596ddf2c2b5541e132bcfa2ac9

    • SHA256

      760d2e3e76b0c65de8593dbac0f44447a0152e11caaa0d3bd21695e496e48419

    • SHA512

      f3432418328c030eb417b86df2531ab3e833a9400dc74d25b49505b4637230ddc209f72076c9888ef8b52c533f89ea4742c8a002dc1a4c6d2db247b7c52de6d3

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral9

    • Target

      E2-20210112_230549

    • Size

      332KB

    • MD5

      9cbfb794a1280a7219bcbc65d91b6c2c

    • SHA1

      97aab5a9656874d173bad0b0eeed88472d5a0947

    • SHA256

      989764326794814c77cf31f23f2e536cd49d316f9a143ad91fd21abf0a87f7b1

    • SHA512

      870950078c279cb92ece88bb816bdc6ac6e17c918e2c332d77f032f08f3d7441b4dac456ea17a1bb2abd9e2d9a4c11569795f5e69a5614da95222cb45d2a553a

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral10

    • Target

      E3-20191210_121355

    • Size

      239KB

    • MD5

      a857a067d464190f680aca4509ed083b

    • SHA1

      6b9a44df07a564533616a70b17b24868ceab66f7

    • SHA256

      11c8f11d1043c3a43be5057df084e29126d7a610bd4eccc4e639e4bcc1ba2cc2

    • SHA512

      f80c9b639b57aaa62bd92a869dd2657e0a3c4278b6efc4474216d4875f6ab7a1cc5b86304a2636bdacc6c3feb0873eec2d386b3ad228ad661d2fafe06cdb9cfd

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral11

    • Target

      E3-20210112_173736

    • Size

      336KB

    • MD5

      e63db032b34c9e343e9903753ef414e9

    • SHA1

      fdd2fb3aaea4582dd5dcadade18d435cb99856f6

    • SHA256

      8f850935bad28b7333f2bb57ad8801608f441cae52514f383a4d78e75974fb1f

    • SHA512

      5b19389081fcac038ca814153f03b9df92c3198110f6f05f3eab17789255a5127317303b502b210b5e2be7f9d8bfb1dc78421c70afc62f94220faa69c1c39264

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral12

    • Target

      E3-20210112_211123

    • Size

      335KB

    • MD5

      349b0c75039858ff7ff98a42a6ac8884

    • SHA1

      cb755ec802537917690f8b35e31da1a0529721e6

    • SHA256

      cdb34f43d85a8a663d7e1d21b250a81c905a4101e4736fc27fa36bafa35121c8

    • SHA512

      4f2d0c7a4df58ac8444ff8452502f50dd498ac110f9f9e1ef7cbc1ecb807ef195ddc5ef0f5f6b82048093e477ef591a9dc56f44f7fddc1b008b43e9a4d1ed55d

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral13

    • Target

      E3-20210112_221455

    • Size

      336KB

    • MD5

      d929734ca14dd60e9ff5f00ddeccb714

    • SHA1

      0527b4252950053b2d20d6b988812e1ccf6706ad

    • SHA256

      25cfb875f3580ad86963bb531ec75f24dc13c9a9c215cb35afcf78b54e0c3de5

    • SHA512

      4317a7f72081cf42734d36aae365206f00b740a687c088d51aeda4b008c60ed01ebc362386969dee74e9a35df382a8ffdab18de4100d3613c65924f9bfed942b

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral14

    • Target

      E3-20210112_230555

    • Size

      336KB

    • MD5

      962e0d4d1c8e6d42950021cf2d032684

    • SHA1

      8be9c398a040aa9b42d49397f0ed604bb06e75c6

    • SHA256

      c03830226f73e3fba25c8f00c9957ae2d4fdd34d9a4936d7517878f38cfeaf81

    • SHA512

      de989a5cdebc7147965547d960672438a6dcf7adf032efa5decb45ce3084975f48f159cd01f84989e6248cbc079390def302e542a54393c3128a0f86a702a620

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral15

MITRE ATT&CK Matrix

Tasks