General

  • Target: fattura marzo.zip
  • Size: 757KB
  • Sample: 230309-n9ldgscc32
  • MD5: 3c3fbdaf7c88b92084234598c41973bc
  • SHA1: 97ad29de4f0f2b0d6c7d87e69b11eac8c3e7258a
  • SHA256: d8444cc79d84d1ab1637630857a1bc72fe08dc2fb3f6d184744bd39c995f9f7b
  • SHA512: 11905a582eef3e250341fe20a2f7be010a2856b535e5228e628f1230a7af3d72f671e651c76d71bdd0699d615b82486ed4b46b379db8beab26d151213ad884a7
  • SSDEEP: 6144:w2OPYgKAapWp7q0CYcB906oP6FnpamsXp+YIDK/vj9xHsQUsXbf:2ggCwZq0CvfS0np0om/vBxMBsL

Malware Config

Extracted

  • Family: emotet
  • Botnet: Epoch4
  • C2

eck1.plain
ecs1.plain

Targets

    • Target: fattura marzo.doc
    • Size: 541.3MB
    • MD5: 2e40c29700e6404798fc6f8ec55c36a8
    • SHA1: 54a9835fd10c76c54fbd3a9442ecde7d12acc920
    • SHA256: dedc884d516f2a7a9e78aa37810ee335d24ba93f418b8096712ed8879570269f
    • SHA512: e72d419312663e0c9f58d3f3aba6b49521837553f8b06a2fff4858bf56207d069ebc702553ff619b759cfed065242c4a19141740223cd87018303a6c0021af4d
    • SSDEEP: 6144:QDuxuMOZCBtANveapnaWVgsaNlbfXhoEHC87pnkTnlzIWZ4:18yGZZak8fxJB1e5IWZ4
    • Emotet
      Emotet is a trojan that is primarily spread through spam emails.
    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks