Resubmissions

  • 22-01-2021 08:55  210122-7t1dqxs376  10

  • 22-01-2021 08:54  210122-vbmc3m6pk2  1

General

  • Target

    ekluozek.zip

  • Size

    125KB

  • Sample

    210122-7t1dqxs376

  • MD5

    451a488b04129b3e4a0689a9f5995335

  • SHA1

    52a0b8bb317cb280beb444735373f803b85f9096

  • SHA256

    401eb39aefafedd9219ad496d9289e6fd502cfbac88036d691c3c36004af5022

  • SHA512

    c544d5c1ead376d5694dc9cfc2fca1e3471bee9c0a83e700a3119afb7de921b2d3bcd382947c1e8ff0c9d2d74b2a5ec402063991137d5c3837d7348893ada701

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

132.248.38.158:80

203.157.152.9:7080

157.245.145.87:443

110.37.224.243:80

70.32.89.105:8080

185.142.236.163:443

192.241.220.183:8080

91.83.93.103:443

54.38.143.245:8080

192.210.217.94:8080

37.205.9.252:7080

78.90.78.210:80

182.73.7.59:8080

163.53.204.180:443

91.75.75.46:80

172.104.46.84:8080

161.49.84.2:80

27.78.27.110:443

203.160.167.243:80

109.99.146.210:8080

rsa_pubkey.plain
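The extracted config is only useful once it is turned into something that can be matched against traffic. The block below is an added example, not part of the sandbox report: it parses the Epoch3 C2 list above into (ip, port) pairs, emits a Suricata rule per endpoint, and runs the pairs over a few proxy log lines. The C2 addresses are copied from the report; the log lines, log format, field names and sid range are constructed for the demo.

```python
"""Turn the Epoch3 C2 list extracted above into checkable network
indicators and run them over proxy log lines.

Added example, not part of the sandbox report. The C2 addresses are copied
from the report's extracted config; the log lines, field names and sid
range are constructed for the demo.
"""
import ipaddress
import re

# C2 endpoints exactly as listed in the report (family emotet, botnet Epoch3).
REPORT_C2 = """
132.248.38.158:80
203.157.152.9:7080
157.245.145.87:443
110.37.224.243:80
70.32.89.105:8080
185.142.236.163:443
192.241.220.183:8080
91.83.93.103:443
54.38.143.245:8080
192.210.217.94:8080
37.205.9.252:7080
78.90.78.210:80
182.73.7.59:8080
163.53.204.180:443
91.75.75.46:80
172.104.46.84:8080
161.49.84.2:80
27.78.27.110:443
203.160.167.243:80
109.99.146.210:8080
"""


def parse_c2(text):
    """Return a set of (ip, port) tuples, dropping blank or malformed lines.

    Emotet configs pair each address with a port, so match on the pair:
    matching on the bare IP would also flag unrelated traffic to shared hosts.
    """
    endpoints = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        host, sep, port = line.rpartition(":")
        if not sep or not port.isdigit() or not 0 < int(port) < 65536:
            continue
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue
        endpoints.add((str(ip), int(port)))
    return endpoints


def suricata_rules(endpoints, sid_base=9100000):
    """Emit one Suricata/Snort alert rule per C2 endpoint (sid range is assumed)."""
    rules = []
    for i, (ip, port) in enumerate(sorted(endpoints)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Emotet Epoch3 C2 {ip}:{port}"; flow:to_server; '
            f'sid:{sid_base + i}; rev:1;)'
        )
    return rules


# Constructed proxy log lines: timestamp, client, destination ip:port, method, url.
SAMPLE_LOG = [
    "2021-01-22T09:01:14Z 10.0.0.12 203.157.152.9:7080 POST http://203.157.152.9:7080/",
    "2021-01-22T09:01:20Z 10.0.0.12 93.184.216.34:443 CONNECT example.com:443",
    "2021-01-22T09:02:03Z 10.0.0.57 132.248.38.158:80 POST http://132.248.38.158/",
    "2021-01-22T09:02:09Z 10.0.0.57 132.248.38.158:443 CONNECT 132.248.38.158:443",
    "garbage line that does not parse",
]
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>[\d.]+):(?P<port>\d+) ")


def find_hits(lines, endpoints):
    """Return (timestamp, client, ip, port) for each line whose destination
    ip:port pair is in the C2 set; lines that do not parse are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        key = (m["dst"], int(m["port"]))
        if key in endpoints:
            hits.append((m["ts"], m["src"], key[0], key[1]))
    return hits


if __name__ == "__main__":
    c2 = parse_c2(REPORT_C2)
    print(f"{len(c2)} C2 endpoints parsed")
    for hit in find_hits(SAMPLE_LOG, c2):
        print("HIT", *hit)
    print("\n".join(suricata_rules(c2)[:3]))
```

The fourth log line goes to a listed IP on an unlisted port and is deliberately not flagged: the config binds each address to a port, and matching on the pair keeps shared hosting from producing noise. Emotet C2 lists rotate quickly, so indicators should be taken from a config extracted close to the time of the traffic being reviewed.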

Targets

    • Target

      ekluozek.kwe

    • Size

      330KB

    • MD5

      8dd56158c19ca50f58de0bdf921dd8c8

    • SHA1

      da8d025461a720a4a8b5a8bc25a7ebd53f0340b6

    • SHA256

      be84e3796d98803e8e0d8bc8577e182fceeab42213d4c02fbfad35c5e9674f58

    • SHA512

      880fc3bb186799dafd14742fcfaf81ad7607c4c8be1f4453faca03574aa0d21d452830b0f1f336bb8ea45393bbb8981be4d99fc2fe82b5f25db501bfdd690f8a
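Before relying on this report, confirm that the file in hand is the one it describes. The block below is an added example, not part of the sandbox report: it hashes the archive and every member in memory and compares each digest with the values listed for ekluozek.zip and ekluozek.kwe above, without extracting anything to disk. The expected digests are copied from the report; the archive built under __main__ is constructed for the demo and will not match them, and the member-size limit is an assumed value.

```python
"""Verify a sample against the hashes in the report, hashing the archive
and each member in memory so nothing is written to disk.

Added example, not part of the sandbox report. The expected digests are
copied from the report; the archive built by build_demo_zip is constructed
for the demo and will not match them.
"""
import hashlib
import io
import zipfile

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests as listed in the report for the container and the file it carries.
REPORT_HASHES = {
    "ekluozek.zip": {
        "md5": "451a488b04129b3e4a0689a9f5995335",
        "sha1": "52a0b8bb317cb280beb444735373f803b85f9096",
        "sha256": "401eb39aefafedd9219ad496d9289e6fd502cfbac88036d691c3c36004af5022",
        "sha512": "c544d5c1ead376d5694dc9cfc2fca1e3471bee9c0a83e700a3119afb7de921b2d3bcd382947c1e8ff0c9d2d74b2a5ec402063991137d5c3837d7348893ada701",
    },
    "ekluozek.kwe": {
        "md5": "8dd56158c19ca50f58de0bdf921dd8c8",
        "sha1": "da8d025461a720a4a8b5a8bc25a7ebd53f0340b6",
        "sha256": "be84e3796d98803e8e0d8bc8577e182fceeab42213d4c02fbfad35c5e9674f58",
        "sha512": "880fc3bb186799dafd14742fcfaf81ad7607c4c8be1f4453faca03574aa0d21d452830b0f1f336bb8ea45393bbb8981be4d99fc2fe82b5f25db501bfdd690f8a",
    },
}


def digests(data):
    """All four digests of a byte string, hex-encoded."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def matches(data, expected):
    """Per-algorithm True/False against a report entry (case-insensitive)."""
    got = digests(data)
    return {a: got[a] == expected[a].lower() for a in ALGOS if a in expected}


def hash_members(zip_bytes, max_member=50 * 1024 * 1024):
    """Digest every file inside an in-memory zip.

    Members whose declared size exceeds max_member (assumed limit) are
    recorded as None instead of being decompressed; zipfile caps reads at
    the declared size, so checking it first is a cheap guard against a
    zip bomb filling memory.
    """
    out = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > max_member:
                out[info.filename] = None
            else:
                out[info.filename] = digests(zf.read(info))
    return out


def check_sample(zip_bytes, report=REPORT_HASHES, container="ekluozek.zip"):
    """Compare the container and every member against the report.

    Returns {name: {algo: bool}}; members that were skipped for size or
    are not listed in the report map to None.
    """
    result = {container: matches(zip_bytes, report[container])}
    for name, d in hash_members(zip_bytes).items():
        if d is None or name not in report:
            result[name] = None
        else:
            result[name] = {a: d[a] == report[name][a].lower() for a in ALGOS}
    return result


def build_demo_zip(payload=b"constructed placeholder, not the real sample"):
    """Constructed archive carrying a member with the report's file name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("ekluozek.kwe", payload)
    return buf.getvalue()


if __name__ == "__main__":
    for name, res in check_sample(build_demo_zip()).items():
        print(name, res)
```

A partial match (say, MD5 and SHA1 agreeing while SHA256 differs) should be treated as a mismatch; the report lists four digests precisely so that all four can be checked.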

    • Emotet

      Emotet is a modular trojan and malware loader that is primarily spread through spam emails.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). The sandbox tags this generic signature as likely ransomware behaviour; on its own it is weak evidence, and this sample is classified as Emotet, not ransomware.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    System Information Discovery (T1082): 1
