emotet

Resubmissions

03/11/2022, 21:07

221103-zyn6safbg6 10

03/11/2022, 21:01

221103-ztzfyshccm 10

03/11/2022, 15:09

221103-sjnhdabfg4 10

Sharing

Copy URL

Twitter E-mail

General

Target

8280932809.zip
Size

168KB
Sample

221103-sjnhdabfg4
MD5

609e0025a34515d53fc5321f7ab54e71
SHA1

6188bc7fed87c33e51f678560472869b64d1165e
SHA256

0a712277286bdb83dee39bd389e1ad65e079bdb53b9255fa4b26283b30c9da72
SHA512

e0cd9e11c8bd5928684f480869325c1ca69356598984ac6e7430faf7ecc0008f2339fec229a78a40215f708025d6560a9132f71e8276d04e7dd33c2092ba9900
SSDEEP

3072:CUmLeFoCdtaHXhPF71tCKNc6iBVRXkZ9IuImo8bpU6j5Vkw3+BFUchg:CUmLANIh977/NIy9PImoKVNicchg

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://audioselec.com/about/dDw5ggtyMojggTqhc/

xlm40.dropper

https://geringer-muehle.de/wp-admin/G/

xlm40.dropper

http://intolove.co.uk/wp-admin/FbGhiWtrEzrQ/

xlm40.dropper

http://isc.net.ua/themes/3rU/

Targets

- Target
  
  ef2ce641a4e9f270eea626e8e4800b0b97b4a436c40e7af30aeb6f02566b809c
- Size
  
  216KB
- MD5
  
  2486374800299563ab8934122234242a
- SHA1
  
  47bfe94aa96ef43231890f04ccd286b0888e10c8
- SHA256
  
  ef2ce641a4e9f270eea626e8e4800b0b97b4a436c40e7af30aeb6f02566b809c
- SHA512
  
  74e52e1e1317908447340cbba32949321ed435f17a524224af80236ecdf67187c83908cca514e82a49b9abe9495125ba741e01ed8f30663124c13fce339c63e5
- SSDEEP
  
  6144:bKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgAyY+TAQXTHGUMEyP5p6f5jQmK:GbGUMVWlbK
Score

10^/10

emotet banker trojan persistence
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Downloads MZ/PE file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Downloads MZ/PE file

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2