General

  • Target

    4b2509eb52fab499741a2eab115c789d7d8d489c.exe

  • Size

    544KB

  • Sample

    221130-k1622saa3v

  • MD5

    2421e3c9e8438dcac0ff6447f86e36f9

  • SHA1

    4b2509eb52fab499741a2eab115c789d7d8d489c

  • SHA256

    4b28154f980d8fec3b4a0367c107f3966f9358bd27ca20385d3e1422a61bcf67

  • SHA512

    4f04399c59f283a6a30533f18ee211c69723fe01dd9b9379437a6a56adde1bc6de3d596eeb14dbc496719eb64bb958730192f4964c5be823838bc9da1cf0ef43

  • SSDEEP

    12288:vGLDDmvjUmzaOopzIYoz1Wuh1o7rxi3IrtKZ:YDqj8OoaYCYuUr0SY

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

110.36.234.146:80

191.82.16.60:80

91.83.93.105:8080

216.98.148.181:8080

68.183.190.199:8080

190.230.60.129:80

183.82.97.25:80

114.79.134.129:443

89.188.124.145:443

178.79.163.131:8080

76.69.29.42:80

87.106.77.40:7080

178.249.187.151:8080

62.75.143.100:7080

201.163.74.202:443

62.75.160.178:8080

181.188.149.134:80

186.0.95.172:80

217.199.160.224:8080

203.25.159.3:8080

rsa_pubkey.plain

Targets

    • Target

      4b2509eb52fab499741a2eab115c789d7d8d489c.exe

    • Size

      544KB

    • MD5

      2421e3c9e8438dcac0ff6447f86e36f9

    • SHA1

      4b2509eb52fab499741a2eab115c789d7d8d489c

    • SHA256

      4b28154f980d8fec3b4a0367c107f3966f9358bd27ca20385d3e1422a61bcf67

    • SHA512

      4f04399c59f283a6a30533f18ee211c69723fe01dd9b9379437a6a56adde1bc6de3d596eeb14dbc496719eb64bb958730192f4964c5be823838bc9da1cf0ef43

    • SSDEEP

      12288:vGLDDmvjUmzaOopzIYoz1Wuh1o7rxi3IrtKZ:YDqj8OoaYCYuUr0SY

    • Emotet

      Emotet is a modular trojan and malware loader, primarily spread through spam emails carrying malicious attachments or links; once running it beacons to the C2 endpoints listed in its configuration to fetch further modules and payloads.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the configured DNS servers was detected. Resolver bypass of this kind is worth checking against the host's expected DNS configuration before treating it as malicious, since some applications legitimately use public resolvers.

    • Drops file in System32 directory
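The extracted C2 list and the "Unexpected DNS network traffic destination" signature are both things a defender turns into a check over their own connection logs. The following is an added example, not part of the sandbox report: it parses the Epoch1 C2 list exactly as printed above, then runs two detections over a constructed, tab-separated connection log (timestamp, source, destination, destination port, protocol): exact ip:port matches against the C2 list, a lower-confidence IP-only match (Emotet endpoints are often reused on other ports), and port-53 traffic to hosts outside an assumed resolver set. The resolver addresses, internal hosts and log lines are all hypothetical.

```python
import ipaddress
from collections import namedtuple

# Emotet Epoch1 C2 endpoints as extracted from this sample's configuration.
EMOTET_C2 = """
110.36.234.146:80
191.82.16.60:80
91.83.93.105:8080
216.98.148.181:8080
68.183.190.199:8080
190.230.60.129:80
183.82.97.25:80
114.79.134.129:443
89.188.124.145:443
178.79.163.131:8080
76.69.29.42:80
87.106.77.40:7080
178.249.187.151:8080
62.75.143.100:7080
201.163.74.202:443
62.75.160.178:8080
181.188.149.134:80
186.0.95.172:80
217.199.160.224:8080
203.25.159.3:8080
"""

# Assumed internal resolvers for the monitored network (hypothetical values).
CONFIGURED_DNS = {"10.0.0.53", "10.0.1.53"}

# Constructed connection log; the last line deliberately hits a C2 IP on the
# wrong port so the exact and IP-only matchers give different results.
SAMPLE_CONN_LOG = "\n".join([
    "#ts\tsrc\tdst\tdport\tproto",
    "1669800001.1\t10.0.5.20\t10.0.0.53\t53\tudp",
    "1669800002.3\t10.0.5.20\t8.8.8.8\t53\tudp",
    "1669800003.7\t10.0.5.20\t87.106.77.40\t7080\ttcp",
    "1669800004.2\t10.0.5.21\t142.250.74.46\t443\ttcp",
    "1669800005.9\t10.0.5.20\t114.79.134.129\t443\ttcp",
    "1669800006.0\t10.0.5.22\t68.183.190.199\t80\ttcp",
])

Conn = namedtuple("Conn", "ts src dst dport proto")


def parse_c2(text):
    """Parse 'ip:port' lines into a set of (ip, port); malformed IPs raise ValueError."""
    endpoints = set()
    for entry in text.split():
        host, _, port = entry.rpartition(":")
        ipaddress.ip_address(host)  # validate before trusting the indicator
        endpoints.add((host, int(port)))
    return endpoints


def parse_conn_log(text):
    """Parse the minimal tab-separated log format used above, skipping comments."""
    conns = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split("\t")
        conns.append(Conn(ts, src, dst, int(dport), proto))
    return conns


def match_c2(conns, c2):
    """High confidence: destination ip:port is exactly a configured C2 endpoint."""
    return [c for c in conns if (c.dst, c.dport) in c2]


def match_c2_ip(conns, c2):
    """Lower confidence: destination IP appears in the C2 list on any port."""
    c2_ips = {ip for ip, _ in c2}
    return [c for c in conns if c.dst in c2_ips]


def unexpected_dns(conns, resolvers):
    """Port-53 traffic to anything other than the configured resolvers."""
    return [c for c in conns if c.dport == 53 and c.dst not in resolvers]


def triage(log_text, c2_text=EMOTET_C2, resolvers=CONFIGURED_DNS):
    """Run all three checks and return the flagged connections by category."""
    c2 = parse_c2(c2_text)
    conns = parse_conn_log(log_text)
    return {
        "c2_exact": match_c2(conns, c2),
        "c2_ip_only": match_c2_ip(conns, c2),
        "dns_bypass": unexpected_dns(conns, resolvers),
    }


if __name__ == "__main__":
    for category, hits in triage(SAMPLE_CONN_LOG).items():
        for c in hits:
            print(f"{category}: {c.src} -> {c.dst}:{c.dport}/{c.proto} at {c.ts}")
```

Matching on ip:port rather than IP alone keeps the alert precise: a C2 address that later gets reassigned, or is used by the actor on a different port, still surfaces through the IP-only list, but as a separate, lower-priority category rather than mixed in with confirmed C2 traffic.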

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery (T1082): 1 matching behaviour
