Resubmissions

22-04-2022 21:47

220422-1nnmyagdf2 10

General

  • Target

    VEuIqlISMa.vbs

  • Size

    2KB

  • Sample

    220422-1nnmyagdf2

  • MD5

    e759c57fef989e9230cf121b31e077ec

  • SHA1

    434f3d7d49a06606c0fb73e1a2378836f2018338

  • SHA256

    bc84d7201f37b0c02ff742f4b8c5d78412796676724fc0af530975dac2fff063

  • SHA512

    552b94d3950641f62bcd5be46308fb3e2ab1014b3235c2b4a74d6c4f222fbe71d6991c4cb7325aa5b57f20edbd112c6b89320362ca87ee8c3a24c7f8a605e736

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

    138.201.142.73:8080
    138.197.147.101:443
    134.195.212.50:7080
    104.168.154.79:8080
    149.56.131.28:8080
    129.232.188.93:443
    212.24.98.99:8080
    119.193.124.41:7080
    45.118.115.99:8080
    188.44.20.25:443
    103.132.242.26:8080
    201.94.166.162:443
    1.234.21.73:7080
    206.189.28.199:8080
    185.8.212.130:7080
    82.165.152.127:8080
    176.104.106.96:8080
    173.212.193.249:8080
    167.99.115.35:8080
    209.126.98.206:8080

eck1.plain
ecs1.plain

Targets

    • Target

      VEuIqlISMa.vbs

    • Size

      2KB

    • MD5

      e759c57fef989e9230cf121b31e077ec

    • SHA1

      434f3d7d49a06606c0fb73e1a2378836f2018338

    • SHA256

      bc84d7201f37b0c02ff742f4b8c5d78412796676724fc0af530975dac2fff063

    • SHA512

      552b94d3950641f62bcd5be46308fb3e2ab1014b3235c2b4a74d6c4f222fbe71d6991c4cb7325aa5b57f20edbd112c6b89320362ca87ee8c3a24c7f8a605e736

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory
