emotet | d18742da424c59822f560c48ef07ccaa98f5d0a77d25b37f5643e1945b7cabf4

General

Target

d18742da424c59822f560c48ef07ccaa98f5d0a77d25b37f5643e1945b7cabf4.dll
Size

444KB
MD5

c8328db050bd6d4aeaa5ea790996ad47
SHA1

43d16a3fc7bac41ccc970ef3eeb913181bcf67aa
SHA256

d18742da424c59822f560c48ef07ccaa98f5d0a77d25b37f5643e1945b7cabf4
SHA512

610e0598dd3cb65c137a2ebffb8f266a85dc74d693fc214b62551c95eb2e660cfb30f64e10628c947dfbadee030a061de070c712c068009805e4e95449c3d801

Score

10^/10

emotet epoch4 banker trojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

45.176.232.125:443

138.197.109.175:8080

187.84.80.182:443

79.143.187.147:443

189.232.46.161:443

103.70.28.102:8080

134.122.66.193:8080

151.106.112.196:8080

160.16.142.56:8080

212.24.98.99:8080

188.44.20.25:443

197.242.150.244:8080

206.189.28.199:8080

172.104.251.154:8080

103.43.46.182:443

203.114.109.124:443

103.75.201.2:443

58.227.42.236:80

201.94.166.162:443

189.126.111.200:7080

eck1.plain

ecs1.plain

Signatures

Emotet
Emotet is a trojan that is primarily spread through spam emails.
trojan banker emotet
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

848 regsvr32.exe
848 regsvr32.exe

pid	process
848	regsvr32.exe
848	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 3768 wrote to memory of 848	3768	regsvr32.exe	regsvr32.exe
PID 3768 wrote to memory of 848	3768	regsvr32.exe	regsvr32.exe
PID 3768 wrote to memory of 848	3768	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d18742da424c59822f560c48ef07ccaa98f5d0a77d25b37f5643e1945b7cabf4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3768

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\d18742da424c59822f560c48ef07ccaa98f5d0a77d25b37f5643e1945b7cabf4.dll
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/848-117-0x0000000000000000-mapping.dmp

Download
memory/848-118-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-119-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-120-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-121-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-122-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-123-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-124-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-125-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-126-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-127-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-128-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-129-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-130-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-131-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-132-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-133-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-134-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-135-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-136-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-137-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-138-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-139-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-140-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-141-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-142-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-143-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-144-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-145-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-146-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-147-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-148-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-149-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-150-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-151-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-152-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-153-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-154-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-155-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-156-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-157-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-158-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-159-0x0000000000920000-0x0000000000944000-memory.dmp

Filesize
144KB

Download
memory/848-162-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-163-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-164-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-165-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-166-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-167-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-168-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-169-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-170-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-171-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-172-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-173-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-174-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-175-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download
memory/848-176-0x0000000076F60000-0x00000000770EE000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing