emotet | 4d6ef2e81523b9f530939efd7a38a55ac6f01fc53699fd7c14e61cf1ce28749d | Triage

Submit
Reports

Overview

overview

Static

static

4d6ef2e815...9d.dll

windows10_x64

Resubmissions

20-03-2022 09:48

220320-lsxzvabhap 10

20-03-2022 09:44

220320-lqp68abfb8 10

Sharing

General

Target

4d6ef2e81523b9f530939efd7a38a55ac6f01fc53699fd7c14e61cf1ce28749d
Size

585KB
Sample

220320-lsxzvabhap
MD5

d608af4dfb3128271803938c98721465
SHA1

6b244c32f7f2f0e168ebb7e76302206852a4dd62
SHA256

4d6ef2e81523b9f530939efd7a38a55ac6f01fc53699fd7c14e61cf1ce28749d
SHA512

9d38c447798541c1293485214c5d46aba2da315f49039eee8a93e48f5fd69664caa0755bca7a7a3714f556024def2ee4cb5fb1c8625b4ce5fffa4be0de780b52

Score

10^/10

emotet plugx epoch4 banker microsoft discovery evasion persistence phishing spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

4d6ef2e81523b9f530939efd7a38a55ac6f01fc53699fd7c14e61cf1ce28749d.dll

Resource

win10-20220223-en

emotet plugx epoch4 banker microsoft discovery evasion persistence phishing spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

149.56.128.192:443

120.50.40.183:80

160.16.218.63:8080

217.182.25.250:8080

119.193.124.41:7080

103.75.201.2:443

195.201.151.129:8080

131.100.24.231:80

159.65.88.10:8080

1.234.21.73:7080

5.9.116.246:8080

103.75.201.4:443

176.104.106.96:8080

138.185.72.26:8080

212.237.17.99:8080

72.15.201.15:8080

103.43.46.182:443

207.38.84.195:8080

46.55.222.11:443

1.234.2.232:8080

101.50.0.91:8080

58.227.42.236:80

129.232.188.93:443

212.24.98.99:8080

158.69.222.101:443

51.254.140.238:7080

167.99.115.35:8080

197.242.150.244:8080

45.118.135.203:7080

50.30.40.196:8080

82.165.152.127:8080

103.221.221.247:8080

50.116.54.215:443

195.154.133.20:443

185.157.82.211:8080

45.176.232.124:443

176.56.128.118:443

107.182.225.142:8080

206.188.212.92:8080

45.142.114.231:8080

173.212.193.249:8080

153.126.146.25:7080

159.8.59.82:8080

31.24.158.56:8080

51.91.7.5:8080

164.68.99.3:8080

192.99.251.50:443

178.79.147.66:8080

110.232.117.186:8080

209.126.98.206:8080

188.44.20.25:443

216.158.226.206:443

146.59.226.45:443

45.118.115.99:8080

151.106.112.196:8080

79.172.212.216:8080

203.114.109.124:443

196.218.30.83:443

185.8.212.130:7080

189.126.111.200:7080

209.250.246.206:443

eck1.plain

ecs1.plain

Targets

- Target
  
  4d6ef2e81523b9f530939efd7a38a55ac6f01fc53699fd7c14e61cf1ce28749d
- Size
  
  585KB
- MD5
  
  d608af4dfb3128271803938c98721465
- SHA1
  
  6b244c32f7f2f0e168ebb7e76302206852a4dd62
- SHA256
  
  4d6ef2e81523b9f530939efd7a38a55ac6f01fc53699fd7c14e61cf1ce28749d
- SHA512
  
  9d38c447798541c1293485214c5d46aba2da315f49039eee8a93e48f5fd69664caa0755bca7a7a3714f556024def2ee4cb5fb1c8625b4ce5fffa4be0de780b52
Score

10^/10

emotet plugx epoch4 banker microsoft discovery evasion persistence phishing spyware stealer suricata trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- PlugX
  PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
  trojan plugx
- PlugX Rat Payload
- suricata: ET MALWARE W32/Emotet CnC Beacon 3
  suricata: ET MALWARE W32/Emotet CnC Beacon 3
  suricata
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

emotetplugxepoch4bankermicrosoftdiscoveryevasionpersistencephishingspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy