emotet

General

Target

a9721d30134917f696b6d1d8f942692e56879f7039db33182225e3113762ff08
Size

61KB
Sample

211223-be537agef3
MD5

5457d5f6e64422975d0b7c9da77c2a28
SHA1

0a4a707f02e784d2ddf64bc0d20986974dcd4903
SHA256

a9721d30134917f696b6d1d8f942692e56879f7039db33182225e3113762ff08
SHA512

c125cc75d390c1be518e5bb7cb875ddf8c89d8dd1135460d820a69c8fb39714d742f973925a203c077699e70c08d7830c61e204e48fde963c2c70379e328dfc1

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://87.251.86.178/pp/oo.html

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://87.251.86.178/pp/PP.PNG

Extracted

Family

emotet

Botnet

Epoch4

C2

54.37.212.235:80

45.15.23.184:443

41.76.108.46:8080

212.237.5.209:443

46.55.222.11:443

207.38.84.195:8080

103.8.26.102:8080

138.185.72.26:8080

104.251.214.46:8080

110.232.117.186:8080

51.68.175.8:8080

176.104.106.96:8080

216.158.226.206:443

103.8.26.103:8080

103.75.201.2:443

210.57.217.132:8080

195.154.133.20:443

45.142.114.231:8080

107.182.225.142:8080

158.69.222.101:443

eck1.plain

ecs1.plain

Targets

- Target
  
  a9721d30134917f696b6d1d8f942692e56879f7039db33182225e3113762ff08
- Size
  
  61KB
- MD5
  
  5457d5f6e64422975d0b7c9da77c2a28
- SHA1
  
  0a4a707f02e784d2ddf64bc0d20986974dcd4903
- SHA256
  
  a9721d30134917f696b6d1d8f942692e56879f7039db33182225e3113762ff08
- SHA512
  
  c125cc75d390c1be518e5bb7cb875ddf8c89d8dd1135460d820a69c8fb39714d742f973925a203c077699e70c08d7830c61e204e48fde963c2c70379e328dfc1
Score

10^/10

emotet epoch4 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

Downloads MZ/PE file

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2