Overview

overview

10

Static

static

emotet_pe2

windows10_x64

10

Analysis

  • max time kernel
    295s
  • max time network
    298s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    26-01-2021 08:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1fa84cf8ec429630099e9c8f0004f9d38da78d2c64c8799ead171686717e9cb4.dll

  • Size

    609KB

  • MD5

    15f8e8f198852dc71f501631d201544f

  • SHA1

    88554c3a65c6e012b9e690cd0a69ae095c2c55c3

  • SHA256

    1fa84cf8ec429630099e9c8f0004f9d38da78d2c64c8799ead171686717e9cb4

  • SHA512

    4c4c0f9bdf19c0958af36b2fa5eb55fb373689f11768e248fa2ba72d9108185ba75086a50dc0fa70e0157dfda08dfcd1ffdf76de7d12e0cc3503cfa342144fcc

Score
10/10
emotetepoch3bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

190.55.186.229:80

203.157.152.9:7080

157.245.145.87:443

132.248.38.158:80

110.172.180.180:8080

70.32.89.105:8080

161.49.84.2:80

37.46.129.215:8080

50.116.78.109:8080

115.79.195.246:80

178.62.254.156:8080

175.103.38.146:80

188.226.165.170:8080

91.93.3.85:8080

162.144.145.58:8080

117.2.139.117:443

190.85.46.52:7080

201.193.160.196:80

152.32.75.74:443

195.201.56.70:8080
rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Blocklisted process makes network request 25 IoCs
  • Suspicious behavior: EnumeratesProcesses 52 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1fa84cf8ec429630099e9c8f0004f9d38da78d2c64c8799ead171686717e9cb4.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4684
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1fa84cf8ec429630099e9c8f0004f9d38da78d2c64c8799ead171686717e9cb4.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      PID:4724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4724-2-0x0000000000000000-mapping.dmp
    Download
  • memory/4724-4-0x0000000000400000-0x0000000000423000-memory.dmp
    Filesize

    140KB

    Download
  • memory/4724-3-0x0000000003500000-0x0000000003525000-memory.dmp
    Filesize

    148KB

    Download