Overview

overview

10

Static

static

85041bd519...7c.exe

windows7_x64

10

85041bd519...7c.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    133s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220112
  • submitted
    02-03-2022 05:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    85041bd519680b653c8a44c704db4906b0e4d99f5947c3ed209765b4f02cc27c.exe

  • Size

    356KB

  • MD5

    709e3512ad4e3520bc90bd78546fd706

  • SHA1

    638b52a7515e01326fa216a57118785ee1668819

  • SHA256

    85041bd519680b653c8a44c704db4906b0e4d99f5947c3ed209765b4f02cc27c

  • SHA512

    b1ebe1bbc96321e563063c740f3a869bd82f7f7dc4982dffb62f59d6beb7391339466b934248c5a2b55c2a1735acc2b75b2f02df521caa29b45ce6cfb705e83c

Score
10/10
emotetepoch2bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

102.182.145.130:80

173.173.254.105:80

64.207.182.168:8080

51.89.199.141:8080

167.114.153.111:8080

173.63.222.65:80

218.147.193.146:80

59.125.219.109:443

172.104.97.173:8080

190.162.215.233:80

68.115.186.26:80

78.188.106.53:443

190.240.194.77:443

24.133.106.23:80

80.227.52.78:80

79.137.83.50:443

120.150.218.241:443

62.171.142.179:8080

194.4.58.192:7080

62.30.7.67:443
rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet Payload 3 IoCs

    Detects Emotet payload in memory.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\85041bd519680b653c8a44c704db4906b0e4d99f5947c3ed209765b4f02cc27c.exe
    "C:\Users\Admin\AppData\Local\Temp\85041bd519680b653c8a44c704db4906b0e4d99f5947c3ed209765b4f02cc27c.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2424
  • C:\Windows\system32\MusNotifyIcon.exe
    %systemroot%\system32\MusNotifyIcon.exe NotifyTrayIcon 0
    1⤵
    • Checks processor information in registry
    PID:3792

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2424-130-0x0000000002EB0000-0x0000000002EE4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2424-133-0x0000000002EF0000-0x0000000002F23000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2424-136-0x0000000002B00000-0x0000000002B31000-memory.dmp

    Filesize

    196KB

    Download