General

  • Target

    smp.7z

  • Size

    1.1MB

  • Sample

    220711-lxyf6sgagk

  • MD5

    b3fead5053905cca98f10b04989e6f9c

  • SHA1

    3bb0bf8c1734ea92b803a6b2f4691c226a8a8ecb

  • SHA256

    e83def106a21862d89d5be6bd6ad9779dec66b9d13a039ad63d830812ad0b9a3

  • SHA512

    a731f4765d46ccb5cafe7642c1c1d76cbfcaf2e23becb2ed7d314015cd062e3acbeea7687095852a19c32703602b81a571d1d9310b810fff4eda84051c1a7fed

Malware Config

Extracted

Family

emotet

Botnet

Epoch5

C2

eck1.plain
ecs1.plain

Extracted

Family

cobaltstrike

Botnet

0

Attributes
  • watermark

    0

Targets

    • Target

      848e296a1324882c7acc3fdca8197d55.dll.vir

    • Size

      368KB

    • MD5

      848e296a1324882c7acc3fdca8197d55

    • SHA1

      69e08989c5b11a0c85bc9b624550f8fffda3bfdd

    • SHA256

      1c5f9efd24f32e10229fc1123b70f5aafac4bbbcc0bca8a856225c2dee7f6573

    • SHA512

      30a3654f4cd2cdf5c37d2b3963375d87444f04fdb99b90320388f6c4ab850b8806165e77a01cdff952a9bae1b7453c24736b2f46f1f4610f7c131ee9b58eaebf

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

    • Target

      91081145018222c52e1915aa1c815dfa.dll.vir

    • Size

      368KB

    • MD5

      91081145018222c52e1915aa1c815dfa

    • SHA1

      862e4ad5dca38a937dc4189285d7bd9dee1b4738

    • SHA256

      cdeeee043e8eed1556db23fffcb1d0b84a5ffd53ecb86f25247895a5deb60217

    • SHA512

      a8241e19b8ebb747e21776c50f3631e48ee19747c8f65ff3fdbad04a9c39eb4a6654b743c9ffdbbadfcd4979efe49e3ccc1a1509e30ec167e59d2f03b402d4ab

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

    • Target

      d9370d0d68a692766ce97df7e2516d9a.dll.vir

    • Size

      368KB

    • MD5

      d9370d0d68a692766ce97df7e2516d9a

    • SHA1

      e4df13fe0459689c79558a32755531c725f8374d

    • SHA256

      0049cd4af7741f9dd02a2ec5938b90fcb72885ea181c901905274711f3bdb1cd

    • SHA512

      dfc3706e2725b452d77109222426ff98596c9ace25f3590d93b146fec37ac2ede5d9096f795a137d3f3a2e12f27290003f4061413cc7d9acb0f72ec3239e17f8

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

    • Target

      dd9ff0b632d22fcdbafe5d880d18499b.exe.vir

    • Size

      1.9MB

    • MD5

      dd9ff0b632d22fcdbafe5d880d18499b

    • SHA1

      300bdf6fff7cbc72c8317d6ade21b826ecc095fe

    • SHA256

      7769fb3369e2d14ad83797287e8077fc03b31a995a5d4fbf8279ae3f937b3c77

    • SHA512

      5d8484ad2ad6a9979f26f71415a0e9cff847ffaef67ae5807cfa8d3911277de05dffd59ce789949367a08c711f8107f851b873dabb7f4e7bf94203fa214d12ca

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • suricata: ET MALWARE Cobalt Strike Beacon Observed

    • suricata: ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1
