General

  • Target

    2d9e4dd3-3ed4-dc8e-67f5-857831686eea.eml

  • Size

    863KB

  • Sample

    230308-hfvr6sed65

  • MD5

    f9b27c9bb589cd03d51e5425f48173de

  • SHA1

    a6b367db3ba36c1ef38f336dc1790847ecf54d00

  • SHA256

    dd3b7834b68dfff8b39140d4ace6cf699605f9104456b92a98c1844ec42d949d

  • SHA512

    8c86630b73f9a8143205316aada326813be9471d2e051e223f9e6cf6e8a1ddd99d3628aa4b0fa59c6040381a2289f4a0a40d6d46b4b25381a77bf188dcf560ad

  • SSDEEP

    3072:bM2ba7acpTwaPlTeIrkHNU4hRElmvOE5Akf3TYGZmtOK2TRNPtjShyFrZHk1PzB:bMVzwaARNPhREif5xvUINMcZHkxB

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

129.232.188.93:443

164.90.222.65:443

159.65.88.10:8080

172.105.226.75:8080

115.68.227.76:8080

187.63.160.88:80

169.57.156.166:8080

185.4.135.165:8080

153.126.146.25:7080

197.242.150.244:8080

139.59.126.41:443

186.194.240.217:443

103.132.242.26:8080

206.189.28.199:8080

163.44.196.120:8080

95.217.221.146:8080

159.89.202.34:443

119.59.103.152:8080

183.111.227.137:8080

201.94.166.162:443

eck1.plain

ecs1.plain
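The C2 list above is the actionable part of the extracted config. The following is an added example, not part of the sandbox report: it parses the report's Epoch4 C2 entries into (ip, port) pairs, scans a few constructed firewall log lines for connections to them, and emits Suricata-style alert rules. The log format, internal hosts and timestamps are constructed for illustration; the C2 entries are copied from the report.

```python
"""Turn the Emotet Epoch4 C2 list from this report into a log check and
Suricata rules. Added example; not code from the sandbox or the report."""
import ipaddress
import re

# C2 endpoints exactly as listed in the report's Malware Config section.
REPORT_C2 = """
129.232.188.93:443
164.90.222.65:443
159.65.88.10:8080
172.105.226.75:8080
115.68.227.76:8080
187.63.160.88:80
169.57.156.166:8080
185.4.135.165:8080
153.126.146.25:7080
197.242.150.244:8080
139.59.126.41:443
186.194.240.217:443
103.132.242.26:8080
206.189.28.199:8080
163.44.196.120:8080
95.217.221.146:8080
159.89.202.34:443
119.59.103.152:8080
183.111.227.137:8080
201.94.166.162:443
"""

# Constructed firewall log lines (hypothetical internal hosts). The second
# and third lines hit the same C2 IP, on its listed port and on another port.
SAMPLE_FW_LOG = """\
2023-03-08T09:12:01Z src=10.0.0.15 dst=142.250.74.206 dport=443 proto=tcp action=allow
2023-03-08T09:12:07Z src=10.0.0.15 dst=159.65.88.10 dport=8080 proto=tcp action=allow
2023-03-08T09:12:09Z src=10.0.0.15 dst=159.65.88.10 dport=443 proto=tcp action=allow
2023-03-08T09:13:30Z src=10.0.0.22 dst=187.63.160.88 dport=80 proto=tcp action=deny
2023-03-08T09:14:02Z src=10.0.0.31 dst=8.8.8.8 dport=53 proto=udp action=allow
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\S+) action=(?P<action>\S+)$"
)


def parse_c2(text):
    """Return a set of (ip, port) tuples; reject anything that is not ip:port."""
    endpoints = set()
    for raw in text.splitlines():
        entry = raw.strip()
        if not entry:
            continue
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"malformed C2 entry: {entry!r}")
        # ip_address() raises on garbage, so a typo cannot become a silent miss.
        endpoints.add((str(ipaddress.ip_address(host)), int(port)))
    return endpoints


def match_log(log_text, endpoints):
    """Return hits: exact ip:port matches, plus weaker ip-only matches."""
    c2_ips = {ip for ip, _ in endpoints}
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines in another format rather than crash
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in endpoints:
            confidence = "exact"
        elif dst in c2_ips:
            confidence = "ip-only"  # same host, different port: still worth a look
        else:
            continue
        hits.append({"ts": m["ts"], "src": m["src"], "dst": dst, "dport": dport,
                     "action": m["action"], "confidence": confidence})
    return hits


def suricata_rules(endpoints, sid_base=9000000):
    """One alert rule per C2 endpoint; sid_base is an assumed local SID range."""
    rules = []
    for n, (ip, port) in enumerate(sorted(endpoints)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Emotet Epoch4 C2 {ip}:{port}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid_base + n}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2(REPORT_C2)
    for hit in match_log(SAMPLE_FW_LOG, c2):
        print(hit)
    print("\n".join(suricata_rules(c2)))
```

Match on the ip:port pair first; the ip-only tier exists because several Epoch4 C2 hosts in this list serve on 443 or 8080 and a fallback on another port is still the same infrastructure. Extracted Emotet C2 lists rotate with each build, so tie these indicators to the sample's date before blocking them for long.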

Targets

    • Target

      2d9e4dd3-3ed4-dc8e-67f5-857831686eea.eml

    • Size

      863KB

    • MD5

      f9b27c9bb589cd03d51e5425f48173de

    • SHA1

      a6b367db3ba36c1ef38f336dc1790847ecf54d00

    • SHA256

      dd3b7834b68dfff8b39140d4ace6cf699605f9104456b92a98c1844ec42d949d

    • SHA512

      8c86630b73f9a8143205316aada326813be9471d2e051e223f9e6cf6e8a1ddd99d3628aa4b0fa59c6040381a2289f4a0a40d6d46b4b25381a77bf188dcf560ad

    • SSDEEP

      3072:bM2ba7acpTwaPlTeIrkHNU4hRElmvOE5Akf3TYGZmtOK2TRNPtjShyFrZHk1PzB:bMVzwaARNPhREif5xvUINMcZHkxB

    Score
    6/10
    • Accesses Microsoft Outlook profiles

    • Drops file in System32 directory

    • Target

      Gmail.zip

    • Size

      621KB

    • MD5

      d6b3c1f3a312af869987ea1713c066f5

    • SHA1

      e79331d0d0f3f15caf72b10934ceb2b72eb3d28a

    • SHA256

      4bfe21d75838d6ef6e6c297a598f63363c8ff446c4f8096c280c069247d7bc6d

    • SHA512

      6f5a154d04afc31807b83af54e79a03fcef13ff41c205804d4065a573a46712d0116514173532fd01c3915cc13861a3f82bb28f749bf9daca8d0dc1d21879028

    • SSDEEP

      3072:T1lsI//z4a/hGS0NclN3U8XKp5ZuoWkQQhl0GEzal3CX:T12c/z4a5GLNIp1WMkd3tCX

    Score
    1/10
    • Target

      952786590042030229132__2023-07-03_1900.doc

    • Size

      501.2MB

    • MD5

      2c87c888a9c3d39d2b751f7aa38c8c64

    • SHA1

      2dfd7cc73ccd79630ca17e0281f06fdf094b58ba

    • SHA256

      b7412cebd2b113144016959f2dba85873a3edb87c6727eac1c781b56ec447f25

    • SHA512

      66223af0f74aeae3f4997485cb590d68037d45fa243679de84d65ddb754ccd931c9890b72811e865609825daab30bd2cc2a4da4164776bd2bc90524d3730c46b

    • SSDEEP

      3072:eoEW2aOtFjH0lP2IpjctfRcVVwEi/A8NVM1wIOCbX6bYLjWFJuvx7ueK6:ZE1aOtFa2I9c3aVw4zwxCbJ4Jup

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL
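The two behaviours the sandbox attached to the .doc ("Process spawned unexpected child process" and "Loads dropped DLL") are the ones worth reproducing in endpoint telemetry. The following is an added example, not the sandbox's signature logic: it walks a short list of constructed Sysmon-style events, flags an Office parent spawning a child outside an assumed allowlist, and correlates a file written during the session with a later image load of that same path. The process names, PIDs and the DLL path are hypothetical.

```python
"""Detect an Office process spawning an unexpected child and a process loading
a DLL that was written earlier in the same session. Added example with
constructed events; not code from the sandbox or the report."""
import ntpath

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Assumed allowlist of children Office spawns in normal use; tune per estate.
EXPECTED_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe"}

# Constructed, Sysmon-like events in arrival order. The child process name
# and the DLL path are hypothetical stand-ins, not values from this sample.
SAMPLE_EVENTS = [
    {"type": "ProcessCreate", "pid": 4120, "ppid": 1200,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "FileCreate", "pid": 4120,
     "path": r"C:\Users\victim\AppData\Local\Temp\Word\dropped.dll"},
    {"type": "ProcessCreate", "pid": 4388, "ppid": 4120,
     "image": r"C:\Windows\System32\regsvr32.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"type": "ImageLoad", "pid": 4388,
     "image_loaded": r"C:\Users\victim\AppData\Local\Temp\Word\dropped.dll"},
    {"type": "ProcessCreate", "pid": 4400, "ppid": 4120,   # benign print helper
     "image": r"C:\Windows\splwow64.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"type": "ImageLoad", "pid": 4120,                     # benign system DLL
     "image_loaded": r"C:\Windows\System32\ole32.dll"},
]


def _name(path):
    """Lower-cased file name of a Windows path, for case-insensitive matching."""
    return ntpath.basename(path).lower()


def detect(events):
    """Return findings in event order. Two rules:
    unexpected_child  - Office parent, child not in EXPECTED_CHILDREN
    loads_dropped_dll - ImageLoad of a path some process wrote earlier
    """
    findings = []
    dropped = {}  # lower-cased path -> pid of the process that wrote it
    for ev in events:
        kind = ev["type"]
        if kind == "ProcessCreate":
            parent, child = _name(ev["parent_image"]), _name(ev["image"])
            if parent in OFFICE_PARENTS and child not in EXPECTED_CHILDREN:
                findings.append({"rule": "unexpected_child", "parent": parent,
                                 "child": child, "pid": ev["pid"], "ppid": ev["ppid"]})
        elif kind == "FileCreate":
            dropped[ev["path"].lower()] = ev["pid"]
        elif kind == "ImageLoad":
            path = ev["image_loaded"].lower()
            if path in dropped:  # a DLL loaded only if it was written this session
                findings.append({"rule": "loads_dropped_dll", "pid": ev["pid"],
                                 "dropped_by": dropped[path],
                                 "path": ev["image_loaded"]})
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

The dropped-DLL rule keys on "written this session, then loaded" rather than on a path prefix, because that is what the sandbox signature means and it survives the payload being written somewhere other than a temp directory. The child-process allowlist is the part that needs local tuning; start from the children you actually see Office spawn in your own telemetry.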

    • Target

      email-html-1.txt

    • Size

      721B

    • MD5

      7fefdfcd443aa22909f65e6c5d1cd945

    • SHA1

      e31d2a416a266710fabf1ae44a6dde86eadf7fe8

    • SHA256

      71bf725486ed6565075b8cfb2ecdaaf91123d1f6070ff5971855bacf3c3136a3

    • SHA512

      3f0b35d2573af9d1ea86431594b439066829d9f014aeb895aa94182346f68757e8e6065694cb1a0f3f4ab5d05215f931aae397c6080952d36ab9d940f417ff58

    Score
    1/10

MITRE ATT&CK Enterprise v6

Tasks