Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

e2-0126.zip
Size

703KB
Sample

210126-33wjh8jaaa
MD5

f62edc485ad2bed8bf624b5a5033cae1
SHA1

5748f7dee6a013cd95a996ed92659bc0f5f86272
SHA256

597aa48a1c12f098911b42d59e1cfdb33e99409ebe1c5d728efebb6d6d9b540f
SHA512

7b39b2a6b35207ad7849edef60b026c0791e8c52f121fab66133b769db600dac91bde520ed08666f511f0a5ff72fe2e9c053a56b19a6a89681ce6cb320073541

Score

10^/10

emotet lea banker ransomware trojan

Malware Config

Extracted

Family

emotet

Botnet

LEA

C2

80.158.59.174:8080

80.158.43.136:80

80.158.3.161:443

80.158.51.209:8080

80.158.35.51:80

80.158.63.78:443

80.158.53.167:80

80.158.62.194:443

rsa_pubkey.plain

Targets

- Target
  
  sjbodmaxe.dll
- Size
  
  647KB
- MD5
  
  13b9d586bb973ac14bfa24e4ae7b24f1
- SHA1
  
  a5653ebe4fa9f906554e56f4d732489189c3a3f9
- SHA256
  
  90e4f02ab9157f389d785c3dcddfa432085b237f2a4c3befb4a093d0f2711b5b
- SHA512
  
  517b1728ac24a587c6a4ccb7c0ea18f2059609958eb06f06107efd5a2e06faf0caa78c49f252e8b2e602a88de194e7edb1f4aaf1efe423298e94257c3df902ae
Score

10^/10

emotet lea banker ransomware trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet Payload
  Detects Emotet payload in memory.
- Executes dropped EXE
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

emotetleabankerransomwaretrojan

behavioral2

emotetleabankerransomwaretrojan