emotet | 683652f55655f0cc80ed022a15c6a850bf18ae59c2c6f5f256e78b97aaffc557

Analysis

max time kernel
115s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20220310-en
submitted
23-03-2022 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e990ceef2582f08e444d7cd5644ddb2.dll
Size

840KB
MD5

1e990ceef2582f08e444d7cd5644ddb2
SHA1

1d435e59346d1a7a4c8bbb08cf6311d9161ddc81
SHA256

683652f55655f0cc80ed022a15c6a850bf18ae59c2c6f5f256e78b97aaffc557
SHA512

2e563df461f5bb49ec62e3315c6c238ca2e7d469f8030415dcadfbeead28a9dfd3a4a8b1fd6d0aa905b1edb31cadb5ecc211ff9d60e259ce1bbff36ee7075e6e

Score

10^/10

emotet epoch5 banker trojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch5

202.29.239.162:443

54.38.143.246:7080

1.234.65.61:7080

202.134.4.210:7080

59.148.253.194:443

78.46.73.125:443

210.57.209.142:8080

198.199.98.78:8080

93.104.209.107:8080

116.124.128.206:8080

139.196.72.155:8080

188.166.229.148:443

119.59.125.140:8080

195.77.239.39:8080

78.47.204.80:443

196.44.98.190:8080

36.67.23.59:443

185.148.168.15:8080

37.59.209.141:8080

2.58.16.87:8080

eck1.plain

ecs1.plain

Signatures

Emotet
Emotet is a trojan that is primarily spread through spam emails.
trojan banker emotet

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
544	regsvr32.exe
544	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3352 wrote to memory of 544	3352	regsvr32.exe	82
PID 3352 wrote to memory of 544	3352	regsvr32.exe	82
PID 3352 wrote to memory of 544	3352	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1e990ceef2582f08e444d7cd5644ddb2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3352
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1e990ceef2582f08e444d7cd5644ddb2.dll
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/544-135-0x0000000000DE0000-0x0000000000E03000-memory.dmp

Filesize
140KB

Download