emotet | 6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c

Resubmissions

13-09-2021 08:50

210913-krwvqagdfp 10

13-09-2021 08:11

210913-j3mkragdcp 10

Analysis

max time kernel
150s
max time network
162s
platform
windows10_x64
resource
win10v20210408
submitted
13-09-2021 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe
Size

648KB
MD5

16bcd0a10f1a57d1194165dc42fab16f
SHA1

71d05db8382ea1954bcebea4229b6bfddb78c5cb
SHA256

6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c
SHA512

9c85849680ab5ffd5acf21709f7723b4d13e35c3002a9952e16ab21458f32dd2bf3942d23d996c9020b574881d0a3eb6a4fb6ab4a9743b405433d31cbffa82c7

Score

10^/10

emotet epoch2 banker trojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

162.154.38.103:80

95.216.118.202:8080

60.250.78.22:443

120.151.135.224:80

101.187.97.173:80

185.94.252.104:443

168.235.67.138:7080

103.86.49.11:8080

92.222.216.44:8080

190.160.53.126:80

31.31.77.83:443

195.244.215.206:80

5.196.74.210:8080

79.45.112.220:80

41.60.200.34:80

95.213.236.64:8080

5.39.91.110:7080

58.171.38.26:80

209.151.248.242:8080

178.20.74.212:80

rsa_pubkey.plain

Signatures

Emotet
Emotet is a trojan that is primarily spread through spam emails.
trojan banker emotet

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe

pid	process
3932	6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe
3932	6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe
3932	6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe
3932	6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe
3932	6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe
3932	6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe
3932	6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe
3932	6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe
3932	6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe
3932	6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe
3932	6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe
3932	6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe
3932	6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe
3932	6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe
3932	6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe
3932	6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe

pid process

3932 6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe

C:\Users\Admin\AppData\Local\Temp\6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe
"C:\Users\Admin\AppData\Local\Temp\6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3932-114-0x0000000000B00000-0x0000000000B0E000-memory.dmp

Filesize
56KB

Download
memory/3932-117-0x0000000000B10000-0x0000000000B1C000-memory.dmp

Filesize
48KB

Download
memory/3932-119-0x0000000000AF0000-0x0000000000AFB000-memory.dmp

Filesize
44KB

Download