emotet | 2f3e99a8bdb080cad97881bc33b88ab9084003b649909895c3a8c156e5b8b83f | Triage

Sharing

General

Target

test3.zip
Size

14.4MB
Sample

230106-h1bj2afa38
MD5

76b9f844ebcddec3043d60d59f872a7e
SHA1

3d7a9dd34d01aaf57d1a17726daf04307c11372f
SHA256

2f3e99a8bdb080cad97881bc33b88ab9084003b649909895c3a8c156e5b8b83f
SHA512

51eb4c1ad218836c7fadcca23391783907ec8fc0fcfa2fe638a74b61e2ff0430172319fadc872cb781a44aafd34617993a2f07ddf88aaa95fcdc7be6272ae102
SSDEEP

393216:I0UYukVJORHAB4FLcmSR1SQErzkxgCFCRU:nJVCgB4+ms1SQzgCIq

Score

10^/10

emotet gh0strat banker rat trojan

Malware Config

Targets

- Target
  
  test3/08b0baa49485954e408eb2ddc02004b1aa7b451e6f704cf1c914d23f3ac0ee8c.bin
- Size
  
  214KB
- MD5
  
  736acf3822d3427fd6eb4655effdb265
- SHA1
  
  1fb8256161d7e296a3e54fc85444f5ee970ef0e3
- SHA256
  
  08b0baa49485954e408eb2ddc02004b1aa7b451e6f704cf1c914d23f3ac0ee8c
- SHA512
  
  31bfc3077109f1b05e52bf11b92e5ff82f680164be36e6ead39dfe1679ac4b76003dac7d7d56435b596ce578586e737f2b46e0ff6f54d19dbda29a134b7f1bb0
- SSDEEP
  
  6144:EQcM8WDqVJY3laxQwNgs/YPNha3EzEZCxgKqApdLg70CTTNLvzySzVFet+H9ikLB:n8WDqVJY3laxQwNgs/YPNha3EzEZCxgn
Score

10^/10

emotet banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  test3/2e8bcfb94561e536ee0b378b7a879f1fa0763a309f0566c40772652f0b9ee76c.bin
- Size
  
  40KB
- MD5
  
  f0690466c665782487b39796072c433c
- SHA1
  
  8335a14d84acf4844b0adaa1f020406bb427394d
- SHA256
  
  2e8bcfb94561e536ee0b378b7a879f1fa0763a309f0566c40772652f0b9ee76c
- SHA512
  
  4b20a51a1a2a71382381038befe4c254e1d96254420d62873193b035e3ea1abeac5c6b01736cb3c07bec18b5dcc4e29582490bf32ae530c94cdaeec1f89c986e
- SSDEEP
  
  768:YabaSUqgaePETILW0xJnzSu2q4nhr5Ysnqv6Tc1Md7:FbacgtE+D7snh5YsgMd7
Score

1^/10
behavioral3 behavioral4
- Target
  
  test3/51239563ac4a295857c2712133b94de88d49a243329d93f643e6b6c8cc6c0d72.bin
- Size
  
  128KB
- MD5
  
  60edc646028b4f515fbdc1a17b6bf6a2
- SHA1
  
  a7c179273445924f354d4ee64dd34310e1fbff1e
- SHA256
  
  51239563ac4a295857c2712133b94de88d49a243329d93f643e6b6c8cc6c0d72
- SHA512
  
  67e27083ae947d01e5b1d052b4f64037bba101c7060bd9673db43e66a4d73d82c057701218e557220443fcdb5bbab87d6e6ba85ce775f8f52720ca0d28e2b477
- SSDEEP
  
  768:9lH3i1zJUvXRGx8PG1h33BLUjJMqpMTDdkgeSWX0BgO:9lHy1zYy8e1jLUjJNMTuRkBg
Score

1^/10
behavioral5 behavioral6
- Target
  
  test3/9208908b0dc676aa1d9f2db46321bd3da597234fbc33790851032bc4d057b280.bin
- Size
  
  552KB
- MD5
  
  7dc22861ebf656a466c4b604fa243ca5
- SHA1
  
  c9526e607c83f2be3146dc8a967376e04fc60dab
- SHA256
  
  9208908b0dc676aa1d9f2db46321bd3da597234fbc33790851032bc4d057b280
- SHA512
  
  0c43f3af97311ee3a7d919109cd416f1bcb2489d676d35fcc85c51c67d767a80271bfcb792acee9b0d1bfefd63c9b3e4045c1c2ba322364a64bb4e783956cff0
- SSDEEP
  
  12288:vvgl/URz7DtDUS77+GE/1lDcJEQvmuWcsPj:vvgl/U5FD37+GgDcJEQvmuXgj
Score

1^/10
behavioral7 behavioral8
- Target
  
  test3/c599af32f470f3853d837af004590fb94bd1b4a595b04dfde22f876f9a8ea851.bin
- Size
  
  7.6MB
- MD5
  
  02ebc4c231c8199a1204205d8d65eda7
- SHA1
  
  9e57e50b01869a6c79c4aba02f540f2b783adca8
- SHA256
  
  c599af32f470f3853d837af004590fb94bd1b4a595b04dfde22f876f9a8ea851
- SHA512
  
  770f3397362bb812221c387240d9865b1a7b343d0cd32da30cbf64bbc7d0de0312e9dcada7427e51516dbffd574f88eda9d858d217d665af263b7111c163ee94
- SSDEEP
  
  196608:Euww4mXtUHcjascJhSd94r5SyAAZ7pnWUFq3a:Euww4uTja1JMByLVWUw3
Score

8^/10
- Drops file in Drivers directory
behavioral10 behavioral9
- Target
  
  test3/d1eeb2ad38249bd944d2dc659a84f7a394652c537f80b59fceb3a2c284c6919b.bin
- Size
  
  5.9MB
- MD5
  
  b4a3e38ecfd66f91fdcfd5992f62a813
- SHA1
  
  db5f46269de2487792ba8117329478601d5b7b8a
- SHA256
  
  d1eeb2ad38249bd944d2dc659a84f7a394652c537f80b59fceb3a2c284c6919b
- SHA512
  
  aed45203c31306c33da0262330513c832763014014df96111c390e30bf05b97051ef03652e54d3a85a4bc7c9ebcc2e11878e290f3814a5fa0b6eb746ccfc142e
- SSDEEP
  
  98304:+aY6mTW4JrVNwSoF5loDzEJ4B/QwP5qAtYiPyxiG/N33KA0LaRx01:+xNTW4tXwSA5YSxybtYiPGJKAsa6
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral11 behavioral12
- Target
  
  test3/d3a43a20d2b6c497160bf63fe0dec0e1edf2e4406c9bd0ed5d00ce663fddc4cd.bin
- Size
  
  40KB
- MD5
  
  29e6f5b2bdb942b558c9383af04346fa
- SHA1
  
  5e331c5e2ab2072ce8347c2eef3f9cf8231a4044
- SHA256
  
  d3a43a20d2b6c497160bf63fe0dec0e1edf2e4406c9bd0ed5d00ce663fddc4cd
- SHA512
  
  922ec7bffcdca9e021f6cba3292d30211f78dba0dc783e054edfb3af7b97f47d831c611ffb4047c1e4c0f5bd3f4b044742c2676cd52bbd55d2366ca4147324d0
- SSDEEP
  
  768:YabaSUqgaePETILW0xJnzSu2q4nhfxpnqv6Tc1Md7:FbacgtE+D7sn7pgMd7
Score

1^/10
behavioral13 behavioral14
- Target
  
  test3/e0c7e609e4fdcbe12daffb6c0517c4fde9644e8774a0d74139d940fd8ca7e146.bin
- Size
  
  2.0MB
- MD5
  
  13f76fa36fe0847e665d774a6b653348
- SHA1
  
  303303383a59550e8585df05ebc8c88daf85bc0a
- SHA256
  
  e0c7e609e4fdcbe12daffb6c0517c4fde9644e8774a0d74139d940fd8ca7e146
- SHA512
  
  026d39d6dcb019573df2aa1accaa6411de326099b766ee86327befade7f2919a5ef9c98d5ee48959fca71fd9bc8f10704ae6677d61092f534eb55917daea621e
- SSDEEP
  
  24576:WQC+u0n/0tyoWqGh+pFWYFJ+VQgY2AVSlOQicOc7MXYhmtaibiF674d1:WQRu0n/00qy+poYQYdD5cVL/B67u
Score

10^/10

gh0strat rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral15 behavioral16
- Target
  
  test3/f7ba9ce7513a164ff2cbc3d41721d557a94e2441f22a97297f3308df6804ecd1.bin
- Size
  
  40KB
- MD5
  
  08fd72e10b6c1bedb21fb398718f895b
- SHA1
  
  79e00c32c5fb07ec8c90864d5520d88ca6c16dab
- SHA256
  
  f7ba9ce7513a164ff2cbc3d41721d557a94e2441f22a97297f3308df6804ecd1
- SHA512
  
  e711c67b2bf87239dd16be6d71e3747e28bcfe4c74383da4964ac691d2870268125d04a21d4056c4944d73e4d545ed4bcd37258077d007376dfa331bec821f79
- SSDEEP
  
  768:YabaSUqgaePETILW0xJnzSu2q4nhtnqv6Tc1Md7:FbacgtE+D7snHgMd7
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

emotetbankertrojan

behavioral2

emotetbankertrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18