Overview

overview

10

Static

static

63901c4b98...41.exe

windows7_x64

10

63901c4b98...41.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    4294211s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20220223-en
  • submitted
    08-03-2022 16:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    63901c4b989b3d331aa0c468d78e772547a5b0bf26f1ef7a2fc6e6f293e7eb41.exe

  • Size

    342KB

  • MD5

    b30dd0b88c0d10cd96913a7fb9cd05ed

  • SHA1

    5aeabed24fb7ccad9c8f94b845e83aabc9118673

  • SHA256

    63901c4b989b3d331aa0c468d78e772547a5b0bf26f1ef7a2fc6e6f293e7eb41

  • SHA512

    3235f5cb62455966417474ffd8d44bcebc8091f2be6e3e6307115df546f2bac41e75936dbc32e0379762c07ab754e63e9d57905a6b234159e217a86266a29420

Score
10/10
emotetepoch2bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

24.69.65.8:8080

74.128.121.17:80

64.207.182.168:8080

51.89.36.180:443

51.89.199.141:8080

208.74.26.234:80

112.185.64.233:80

98.150.169.135:80

115.94.207.99:443

203.153.216.189:7080

2.58.16.89:8080

12.184.217.101:80

202.134.4.216:8080

109.116.245.80:80

110.145.101.66:443

95.9.5.93:80

104.32.141.43:80

190.146.92.48:80

139.162.60.124:8080

187.161.206.24:80
rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet Payload 3 IoCs

    Detects Emotet payload in memory.

    trojanbanker
  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\63901c4b989b3d331aa0c468d78e772547a5b0bf26f1ef7a2fc6e6f293e7eb41.exe
    "C:\Users\Admin\AppData\Local\Temp\63901c4b989b3d331aa0c468d78e772547a5b0bf26f1ef7a2fc6e6f293e7eb41.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1660-54-0x0000000075801000-0x0000000075803000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1660-59-0x0000000000280000-0x0000000000290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1660-55-0x0000000000260000-0x0000000000272000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1660-62-0x0000000000240000-0x000000000024F000-memory.dmp

    Filesize

    60KB

    Download