Analysis
-
max time kernel
144s -
max time network
183s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
05-09-2021 05:09
General
-
Target
3c429a72_zXsYESTega.exe
-
Size
427KB
-
MD5
3c429a72611aa11d54a78008d531e232
-
SHA1
66979ad58f8447912d1c6b1195e22fd5e5aa7dd5
-
SHA256
ef503d5f5a41649720ea8bd5ed226aff3927ecd4c8fd80666ac2fda9d1c2e6cf
-
SHA512
9c6b021bb99e2530eab6d9896c5f08ad1a5185e75f4de447be0c4a39ba800762dbd7b1ad68662c07cf596099c5107f011336b0226e469f6f86e1d42043eacb85
Malware Config
Extracted
emotet
Epoch2
71.72.196.159:80
134.209.36.254:8080
120.138.30.150:8080
94.23.216.33:80
157.245.99.39:8080
137.59.187.107:8080
94.23.237.171:443
61.19.246.238:443
156.155.166.221:80
50.35.17.13:80
153.137.36.142:80
91.211.88.52:7080
209.141.54.221:8080
185.94.252.104:443
174.45.13.118:80
87.106.136.232:8080
62.75.141.82:80
213.196.135.145:80
188.219.31.12:80
82.80.155.43:80
Signatures
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Emotet Payload 3 IoCs
Detects Emotet payload in memory.
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3c429a72_zXsYESTega.exe"C:\Users\Admin\AppData\Local\Temp\3c429a72_zXsYESTega.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1932-60-0x0000000000300000-0x0000000000312000-memory.dmpFilesize
72KB
-
memory/1932-63-0x0000000000230000-0x0000000000240000-memory.dmpFilesize
64KB
-
memory/1932-65-0x00000000002F0000-0x00000000002FF000-memory.dmpFilesize
60KB
-
memory/1932-66-0x0000000075D51000-0x0000000075D53000-memory.dmpFilesize
8KB