emotet | 2c96ce99a90ecb02a596bec5d3b2b47246da523147f20ec80a18457a12a6c2af | Triage

Submit
Reports

Overview

overview

Static

static

8

cd99b899c5...1d.xls

windows10-1703-x64

Sharing

General

Target

Emotet-E4.zip
Size

168KB
Sample

221102-q8pqmabhbq
MD5

20202a55915064480d6198f610513a12
SHA1

0bdfea4b23f58f2bb295170e604b8ddd7c02ff85
SHA256

2c96ce99a90ecb02a596bec5d3b2b47246da523147f20ec80a18457a12a6c2af
SHA512

be05a554e0785ee66cea386400ad6d6c77e832d3548ff5328e46256612822dfc77937e665489c3e464d2eb21fe3c132cb1bdf40e1effdcd2963926956912eff3
SSDEEP

3072:EXiwocMsrMC9rIaUwMKBn4zsg1AfGox3zdhwCNLJEUuefJenbaCmgr56kj:EPXb/p2sMAfXDw8aUuwmWCjjj

Score

10^/10

emotet banker macro persistence trojan xlm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cd99b899c5a3d6ddb22969605b079375da897362b4d599fc9eebb1e21115a31d.xls

Resource

win10-20220812-en

emotet banker persistence trojan

windows10-1703-x64

12 signatures

150 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://sat7ate.com/wordpress/ZAf5j4MG8Hwnig/

xlm40.dropper

http://www.spinbalence.com/Adapter/moycMR/

xlm40.dropper

http://www.3d-stickers.com/Content/Afa1PcRuxh/

xlm40.dropper

http://navylin.com/bsavxiv/axHQYKl/

Targets

- Target
  
  cd99b899c5a3d6ddb22969605b079375da897362b4d599fc9eebb1e21115a31d.xls
- Size
  
  216KB
- MD5
  
  d3b182de8c99553a9f2b6d0f3f030a4f
- SHA1
  
  d5bd989ffde2f67133b6404f9f234d13e618c206
- SHA256
  
  cd99b899c5a3d6ddb22969605b079375da897362b4d599fc9eebb1e21115a31d
- SHA512
  
  3abe78e4fca03e90d59818cded37a9feff6f7ade11cee1ef07c7ccd70cc4e250f7d835161409f0e8ba97cff4a678ef234298cb293ecac60e1ec0667a8904e484
- SSDEEP
  
  6144:WKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgUyY+TAQXTHGUMEyP5p6f5jQm+:XbGUMVWlb+
Score

10^/10

emotet banker persistence trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Downloads MZ/PE file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

emotetbankerpersistencetrojan

© 2018-2024

Terms | Privacy