General
Target: e2-0126.zip
Size: 703KB
Sample: 210126-33wjh8jaaa
MD5: f62edc485ad2bed8bf624b5a5033cae1
SHA1: 5748f7dee6a013cd95a996ed92659bc0f5f86272
SHA256: 597aa48a1c12f098911b42d59e1cfdb33e99409ebe1c5d728efebb6d6d9b540f
SHA512: 7b39b2a6b35207ad7849edef60b026c0791e8c52f121fab66133b769db600dac91bde520ed08666f511f0a5ff72fe2e9c053a56b19a6a89681ce6cb320073541
Static task: static1
Behavioral task: behavioral1 (sample sjbodmaxe.dll.exe, resource win7v20201028)
Behavioral task: behavioral2 (sample sjbodmaxe.dll.exe, resource win10v20201028)
Malware Config
Extracted family: emotet
LEA
C2 (ip:port):
80.158.59.174:8080
80.158.43.136:80
80.158.3.161:443
80.158.51.209:8080
80.158.35.51:80
80.158.63.78:443
80.158.53.167:80
80.158.62.194:443
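The extracted C2 list above is the most actionable part of this report: a detection engineer wants it as a lookup to sweep egress logs with, and as block/alert rules. The following script is an added example, not part of the sandbox report; it embeds the eight ip:port entries exactly as listed, parses them, sweeps a set of constructed iptables-style firewall lines (not captured from this sample) for connections to those addresses, distinguishes an exact ip:port hit from traffic to a listed IP on an unlisted port, and emits Suricata rules for each endpoint. The log format, the sample lines and the SID base 9000001 are assumptions for illustration.

```python
"""Turn an extracted Emotet C2 list into a lookup, a log sweep and Suricata rules.

Added example built around the C2 entries shown in the report above; the log
lines below are constructed for illustration and were not captured from the sample.
"""
import ipaddress
import re
from typing import Iterable

# C2 endpoints exactly as listed in the report's extracted config (ip:port).
EMOTET_C2 = """
80.158.59.174:8080
80.158.43.136:80
80.158.3.161:443
80.158.51.209:8080
80.158.35.51:80
80.158.63.78:443
80.158.53.167:80
80.158.62.194:443
"""

# Constructed firewall log lines (iptables LOG format, assumed for this example).
SAMPLE_LOG = """
Jan 26 09:14:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=80.158.59.174 PROTO=TCP SPT=51234 DPT=8080
Jan 26 09:14:05 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=80.158.3.161 PROTO=TCP SPT=51235 DPT=8080
Jan 26 09:15:11 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.22 DST=93.184.216.34 PROTO=TCP SPT=44000 DPT=443
Jan 26 09:16:40 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.31 DST=80.158.62.194 PROTO=TCP SPT=40021 DPT=443
"""

LOG_RE = re.compile(r"SRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+).*?\bDPT=(?P<dpt>\d+)")


def parse_c2(text: str) -> dict[str, set[int]]:
    """Map each C2 IP to the set of ports it was listed on.

    Every entry is validated with ipaddress so a garbled line fails loudly
    instead of silently producing a rule that never matches.
    """
    c2: dict[str, set[int]] = {}
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        host, _, port = raw.rpartition(":")
        ip = ipaddress.ip_address(host)  # raises ValueError on a malformed address
        c2.setdefault(str(ip), set()).add(int(port))
    return c2


def sweep(lines: Iterable[str], c2: dict[str, set[int]]) -> list[dict]:
    """Return one hit per log line whose destination is a listed C2 IP.

    'ip+port' means the exact listed endpoint; 'ip-only' means the same server
    on a port the config did not list, which is still worth triage because the
    config captures only one port per server at extraction time.
    """
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        dst, dpt = m["dst"], int(m["dpt"])
        if dst not in c2:
            continue
        kind = "ip+port" if dpt in c2[dst] else "ip-only"
        hits.append({"src": m["src"], "dst": dst, "dpt": dpt, "match": kind})
    return hits


def suricata_rules(c2: dict[str, set[int]], sid_base: int = 9000001) -> list[str]:
    """Emit one Suricata alert rule per listed ip:port, SIDs assigned sequentially."""
    rules = []
    sid = sid_base
    for ip in sorted(c2, key=ipaddress.ip_address):
        for port in sorted(c2[ip]):
            rules.append(
                f"alert tcp $HOME_NET any -> {ip} {port} "
                f'(msg:"Emotet C2 {ip}:{port} (extracted config)"; '
                f"flow:to_server,established; classtype:trojan-activity; "
                f"sid:{sid}; rev:1;)"
            )
            sid += 1
    return rules


if __name__ == "__main__":
    c2 = parse_c2(EMOTET_C2)
    for hit in sweep(SAMPLE_LOG.splitlines(), c2):
        print(f"{hit['match']:8} {hit['src']} -> {hit['dst']}:{hit['dpt']}")
    print("\n".join(suricata_rules(c2)))
```

Run as a script it prints the three hits (two exact endpoints, one listed server contacted on an unlisted port) followed by eight Suricata rules; load the rules with a SID range reserved for local rules so they do not collide with a vendor ruleset.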
Targets
Target: sjbodmaxe.dll
Size: 647KB
MD5: 13b9d586bb973ac14bfa24e4ae7b24f1
SHA1: a5653ebe4fa9f906554e56f4d732489189c3a3f9
SHA256: 90e4f02ab9157f389d785c3dcddfa432085b237f2a4c3befb4a093d0f2711b5b
SHA512: 517b1728ac24a587c6a4ccb7c0ea18f2059609958eb06f06107efd5a2e06faf0caa78c49f252e8b2e602a88de194e7edb1f4aaf1efe423298e94257c3df902ae
Score: 10/10
Signatures:
- Emotet Payload: detects the Emotet payload in memory.
- Executes dropped EXE
- Drops file in System32 directory
- Enumerates physical storage devices: attempts to interact with connected storage/optical drive(s). The sandbox tags this as likely ransomware behaviour, but it is a generic heuristic; the sample is classified as Emotet, a loader, and drive enumeration on its own is not evidence of file encryption.
MITRE ATT&CK Matrix: tactic columns only (Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation); no techniques are mapped on this page.