emotet | 6982c7188a094607371819a36f28c4097e10f640cd7968daede62b4488aba3a9

Analysis

max time kernel
148s
max time network
146s
platform
windows7_x64
resource
win7v20210408
submitted
09-05-2021 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6982c7188a094607371819a36f28c4097e10f640cd7968daede62b4488aba3a9.exe
Size

84KB
MD5

9fd626edde376c3555766d3128b73a7a
SHA1

2fc839eeaf9fbb4a0bae82793617a32d9d5cf64f
SHA256

6982c7188a094607371819a36f28c4097e10f640cd7968daede62b4488aba3a9
SHA512

372180a8a1c0bd9a223c64b718229fb371151b8276bfd13c083eb941eb1e764f6d23f51275c13a558af39b6597657f9cebc0cf2870465c7db36dad92872ec806

Score

10^/10

emotet epoch2 banker trojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

195.76.232.114:80

82.223.70.24:8080

45.33.49.124:443

136.243.205.112:7080

110.145.77.103:80

74.208.45.104:8080

24.94.237.248:80

186.208.123.210:443

67.235.68.222:80

209.151.248.242:8080

200.41.121.90:80

5.196.74.210:8080

201.173.217.124:443

185.155.20.82:80

139.130.242.43:80

114.145.241.208:80

168.235.67.138:7080

162.241.92.219:8080

98.156.206.153:80

101.187.97.173:80

rsa_pubkey.plain

Signatures

Emotet
Emotet is a trojan that is primarily spread through spam emails.
trojan banker emotet

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

6982c7188a094607371819a36f28c4097e10f640cd7968daede62b4488aba3a9.exe

pid	process
880	6982c7188a094607371819a36f28c4097e10f640cd7968daede62b4488aba3a9.exe
880	6982c7188a094607371819a36f28c4097e10f640cd7968daede62b4488aba3a9.exe
880	6982c7188a094607371819a36f28c4097e10f640cd7968daede62b4488aba3a9.exe
880	6982c7188a094607371819a36f28c4097e10f640cd7968daede62b4488aba3a9.exe
880	6982c7188a094607371819a36f28c4097e10f640cd7968daede62b4488aba3a9.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

6982c7188a094607371819a36f28c4097e10f640cd7968daede62b4488aba3a9.exe

pid	process
880	6982c7188a094607371819a36f28c4097e10f640cd7968daede62b4488aba3a9.exe
880	6982c7188a094607371819a36f28c4097e10f640cd7968daede62b4488aba3a9.exe

C:\Users\Admin\AppData\Local\Temp\6982c7188a094607371819a36f28c4097e10f640cd7968daede62b4488aba3a9.exe
"C:\Users\Admin\AppData\Local\Temp\6982c7188a094607371819a36f28c4097e10f640cd7968daede62b4488aba3a9.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/880-60-0x00000000003B0000-0x00000000003BC000-memory.dmp

Filesize
48KB

Download
memory/880-63-0x0000000075801000-0x0000000075803000-memory.dmp

Filesize
8KB

Download
memory/880-64-0x00000000003A0000-0x00000000003A9000-memory.dmp

Filesize
36KB

Download