emotet

Sharing

Copy URL

Twitter E-mail

General

Target

8a60139c-1e4c-6f10-a2fa-19da2af69d39.eml
Size

915KB
Sample

230309-qwmqhabe6v
MD5

c7fc9e581abe0f90b172634e60539b15
SHA1

075a2b4b1683c8f58ecc5e611dbe2d52994d440e
SHA256

c7b0f5e3530cdf399be82be797e28f90d2e526d624183da93fd961484e57ad84
SHA512

e85be248b47254f9452f148033d8ce504250580adb1ebe1667feed8fce6447bbd194b4b0c5dfc347839323fabf300b3803251270eab84f8319d0240ae1fee881
SSDEEP

6144:bcPS3EGYMdMqouox4TTq4xGfjuqkIbsjTYjoWpF2Sea0TjSA4I:bcK0GUVuox4nq4xG7ZbGYMWpleau74I

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

129.232.188.93:443

164.90.222.65:443

159.65.88.10:8080

172.105.226.75:8080

115.68.227.76:8080

187.63.160.88:80

169.57.156.166:8080

185.4.135.165:8080

153.126.146.25:7080

197.242.150.244:8080

139.59.126.41:443

186.194.240.217:443

103.132.242.26:8080

206.189.28.199:8080

163.44.196.120:8080

95.217.221.146:8080

159.89.202.34:443

119.59.103.152:8080

183.111.227.137:8080

201.94.166.162:443

eck1.plain

ecs1.plain

Targets

- Target
  
  8a60139c-1e4c-6f10-a2fa-19da2af69d39.eml
- Size
  
  915KB
- MD5
  
  c7fc9e581abe0f90b172634e60539b15
- SHA1
  
  075a2b4b1683c8f58ecc5e611dbe2d52994d440e
- SHA256
  
  c7b0f5e3530cdf399be82be797e28f90d2e526d624183da93fd961484e57ad84
- SHA512
  
  e85be248b47254f9452f148033d8ce504250580adb1ebe1667feed8fce6447bbd194b4b0c5dfc347839323fabf300b3803251270eab84f8319d0240ae1fee881
- SSDEEP
  
  6144:bcPS3EGYMdMqouox4TTq4xGfjuqkIbsjTYjoWpF2Sea0TjSA4I:bcK0GUVuox4nq4xG7ZbGYMWpleau74I
Score

6^/10

collection
- Accesses Microsoft Outlook profiles
  collection
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  Gmail.zip
- Size
  
  654KB
- MD5
  
  a0c50d24b59ee63e3e2941877bb8c21f
- SHA1
  
  1757964e6ea0ea4dbdd65f838ac26a857dc2c32f
- SHA256
  
  88009043c042abe31ce2cd719130aaa9c7dc31bc2fd639668d5eace2ede29f05
- SHA512
  
  62c04dffdfd73f3b7bcfb062022b2feb64fe9af07b921725d54585c4ea82146345a4cb42628f56b5e3598435be4a58153153b858a63551a2cdc630f714ee121a
- SSDEEP
  
  6144:IJNbwmfcuHom8Hz2f//ywiWT8xVTI5wqQ:sbPHom8TYyCT8x5I5w7
Score

1^/10
behavioral3 behavioral4
- Target
  
  0419675272807527999__2023-08-03_1602.doc
- Size
  
  504.3MB
- MD5
  
  237e055e64b8ca9b54e2217646bfc60e
- SHA1
  
  30cd06e2e15ccfb9b07d62d5f38692a8f6a9b5a4
- SHA256
  
  17eca4943b3040c47babe49d2d1f59f4852695e2348fe107ec935e38416e511b
- SHA512
  
  99ffa51951c364b941160153ea714a281ebf51cdc6307fffe9405a3ce13442352871134293e61009f3661c184f7827624afdc4ca1edc5d54c86e24b2c322b8e7
- SSDEEP
  
  6144:xPn4VZXbatu7MDogsDkHS50LdfcGcbz1f5M9KTFrMpSlMK3Ru+Q28:xP4PbNMkgg3Ru+x
Score

10^/10

emotet epoch4 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  email-html-1.txt
- Size
  
  5KB
- MD5
  
  2e75004e9f6446855b1c3043566efd3a
- SHA1
  
  a1edfd9c9b4f4cf14574e94548e762efcc4c8f42
- SHA256
  
  7a77d940487f5259d969b1f18f5d474cb12095c841de71fd7762b1e823222283
- SHA512
  
  2599560cbd0987e9e0d13a7ea70074bb39237da66f6ef355081fcacfd7ebfeb2b47f9b1d9b9d587a63b0478e7f78acb4c05e9e34a36a0c8e6b4b72a64f3b1de3
- SSDEEP
  
  96:/d3CQJB9KiUTGq8F+HL/qaUqtRdTv8W5Oe+6WU7:tbKLGD8LDYa
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Email Collection

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Accesses Microsoft Outlook profiles

Drops file in System32 directory

Process spawned unexpected child process

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8