Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

tfvxeurehkyz.wut
Size

404KB
Sample

210126-13k64pez2a
MD5

9a062ead5b2d55af0a5a4b39c5b5eadc
SHA1

fc83367be87c700a696b0329dab538b5e47d90bf
SHA256

a9c68d527223db40014d067cf4fdae5be46cca67387e9cfdff118276085f23ef
SHA512

693ab862c7e3c5dad3ca3d44bbc4a5a4c2391ff558e02e86e4c1d7d1fa7c00b4acf1c426ca619dea2b422997caaf1f0ecba37ec0ffca19edaca297005c9ad861

Score

10^/10

emotet lea banker trojan

Malware Config

Extracted

Family	emotet
Botnet	LEA
C2	80.158.3.161:443 80.158.51.209:8080 80.158.35.51:80 80.158.63.78:443 80.158.53.167:80 80.158.62.194:443 80.158.59.174:8080 80.158.43.136:80 80.158.3.161:443 80.158.51.209:8080 80.158.35.51:80 80.158.63.78:443 80.158.53.167:80 80.158.62.194:443 80.158.59.174:8080 80.158.43.136:80
rsa_pubkey.plain

Targets

- Target
  
  tfvxeurehkyz.wut
- Size
  
  404KB
- MD5
  
  9a062ead5b2d55af0a5a4b39c5b5eadc
- SHA1
  
  fc83367be87c700a696b0329dab538b5e47d90bf
- SHA256
  
  a9c68d527223db40014d067cf4fdae5be46cca67387e9cfdff118276085f23ef
- SHA512
  
  693ab862c7e3c5dad3ca3d44bbc4a5a4c2391ff558e02e86e4c1d7d1fa7c00b4acf1c426ca619dea2b422997caaf1f0ecba37ec0ffca19edaca297005c9ad861
Score

10^/10

emotet lea banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

emotetleabankertrojan

behavioral2

emotetleabankertrojan