Resubmissions

09-03-2023 11:57

230309-n44b4scb89 8

09-03-2023 11:49

230309-ny7scabb3t 10

General

  • Target

    Dwop Invio documento rif.22954796 del 09.03.2023.zip

  • Size

    761KB

  • Sample

    230309-ny7scabb3t

  • MD5

    7ec6401dd32256133e0fa67968f79cf8

  • SHA1

    1748bb2ed6ea4e8ac1028afc9d312cb36da38bae

  • SHA256

    0c80b796c3239e78e9d954f529da20c21d88b639537908056ed51496ea111577

  • SHA512

    25243f82b2785a19129371daabd03d6bb3354d74f2fd49817e5ac8c422c791fbc43b3228944056bb0cdd8be90439fb6fea21adb416bc7024941b68da34675b34

  • SSDEEP

    6144:D2OPYgKAapWp7q0CYcB906oP6FnpamsXp+YIDK/vj9xHsQUsXbL:XggCwZq0CvfS0np0om/vBxMBsn

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch4

  • C2

    129.232.188.93:443
    164.90.222.65:443
    159.65.88.10:8080
    172.105.226.75:8080
    115.68.227.76:8080
    187.63.160.88:80
    169.57.156.166:8080
    185.4.135.165:8080
    153.126.146.25:7080
    197.242.150.244:8080
    139.59.126.41:443
    186.194.240.217:443
    103.132.242.26:8080
    206.189.28.199:8080
    163.44.196.120:8080
    95.217.221.146:8080
    159.89.202.34:443
    119.59.103.152:8080
    183.111.227.137:8080
    201.94.166.162:443

  • eck1.plain

  • ecs1.plain

Targets

    • Target

      Invio documento rif.22954796 del 09.03.2023.doc

    • Size

      545.3MB

    • MD5

      f388af2adf5e1b3c0bb6bcfd71a75951

    • SHA1

      dc269af3c0df4e7dabde4e838639bfa968c4b6f9

    • SHA256

      af7b1a64bcfd9ad2ca2e9bb7a00ca49f3e199dceb7ec188d3906fd3f09dbca48

    • SHA512

      1ab90983739b33ebd7c57d8b3d455e7cc7edff0c5da12df6ea0f76db8b545c8cd5d8b42db795bacc0c7587bff95b078447d717607d89cb195d0befffe8635466

    • SSDEEP

      6144:QDuxuMOZCBtANveapnaWVgsaNlbfXhoEHC87pnkTnlzIWZ4:18yGZZak8fxJB1e5IWZ4

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks