Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

a9c68d527223db40014d067cf4fdae5be46cca67387e9cfdff118276085f23ef_unpacked
Size

119KB
Sample

221026-3bxq7ahhe4
MD5

959ff528ddbee66e49992cd654d41bab
SHA1

7b54da1fb2cbe877b13de309c01a7112224e1f40
SHA256

a3c14b0b4756017ee248d0fa029196060ca1f75a1fab7e9d81c74fbaac6a4797
SHA512

ef0852311f23f255624c31f320847b5d6ea2da86d81e0693207444b39b73a0f58a0e3f847c585e1a734dc902b1a429c53e193f742e81a60399ac061e76623b54
SSDEEP

3072:ZqZol+l/2YQ8S6/aI34vxV7W4LgW3DQumyKBLGMzJo:sugl/nQS3ExV7lkWrKBCMz

Score

10^/10

emotet lea

Malware Config

Extracted

Family

emotet

Botnet

LEA

C2

80.158.3.161:443

80.158.51.209:8080

80.158.35.51:80

80.158.63.78:443

80.158.53.167:80

80.158.62.194:443

80.158.59.174:8080

80.158.43.136:80

rsa_pubkey.plain

Targets

- Target
  
  a9c68d527223db40014d067cf4fdae5be46cca67387e9cfdff118276085f23ef_unpacked
- Size
  
  119KB
- MD5
  
  959ff528ddbee66e49992cd654d41bab
- SHA1
  
  7b54da1fb2cbe877b13de309c01a7112224e1f40
- SHA256
  
  a3c14b0b4756017ee248d0fa029196060ca1f75a1fab7e9d81c74fbaac6a4797
- SHA512
  
  ef0852311f23f255624c31f320847b5d6ea2da86d81e0693207444b39b73a0f58a0e3f847c585e1a734dc902b1a429c53e193f742e81a60399ac061e76623b54
- SSDEEP
  
  3072:ZqZol+l/2YQ8S6/aI34vxV7W4LgW3DQumyKBLGMzJo:sugl/nQS3ExV7lkWrKBCMz
Score

8^/10
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

behavioral2