emotet

Sharing

Copy URL

Twitter E-mail

General

Target

93f0b81e-2fab-6767-7e64-3812cc9fe371.eml
Size

941KB
Sample

230310-g7327adf4x
MD5

50c9a15a4edc85b3ea32753374f49fee
SHA1

bc05011137beac6d0567ca6b2842bb77ea74baf7
SHA256

d643677b5e5d42199d6717218a8b62bf0319a3e21d176bc5e6757f6e202cef9c
SHA512

675a5f35fdf12b430041c34ce7b867cead4ade2913e5b977fade14961a492ca46506433d7bb1de33e945415061dc33884d093dfdbc228e174686b0ceddc58866
SSDEEP

6144:vfuxRRaFK6Wth/TWlEIV6KRxlENOe1TNp2:vfux16G9WlTV6KVAOe15p2

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

129.232.188.93:443

164.90.222.65:443

159.65.88.10:8080

172.105.226.75:8080

115.68.227.76:8080

187.63.160.88:80

169.57.156.166:8080

185.4.135.165:8080

153.126.146.25:7080

197.242.150.244:8080

139.59.126.41:443

186.194.240.217:443

103.132.242.26:8080

206.189.28.199:8080

163.44.196.120:8080

95.217.221.146:8080

159.89.202.34:443

119.59.103.152:8080

183.111.227.137:8080

201.94.166.162:443

eck1.plain

ecs1.plain

Targets

- Target
  
  93f0b81e-2fab-6767-7e64-3812cc9fe371.eml
- Size
  
  941KB
- MD5
  
  50c9a15a4edc85b3ea32753374f49fee
- SHA1
  
  bc05011137beac6d0567ca6b2842bb77ea74baf7
- SHA256
  
  d643677b5e5d42199d6717218a8b62bf0319a3e21d176bc5e6757f6e202cef9c
- SHA512
  
  675a5f35fdf12b430041c34ce7b867cead4ade2913e5b977fade14961a492ca46506433d7bb1de33e945415061dc33884d093dfdbc228e174686b0ceddc58866
- SSDEEP
  
  6144:vfuxRRaFK6Wth/TWlEIV6KRxlENOe1TNp2:vfux16G9WlTV6KVAOe15p2
Score

6^/10

collection
- Accesses Microsoft Outlook profiles
  collection
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  Q25547950344368401064_202303091132.zip
- Size
  
  675KB
- MD5
  
  06a43f9606a76b3fcd9a5c09c52cbc6f
- SHA1
  
  b57281a603545d4e67b474dd7a464bc596096e32
- SHA256
  
  dfbea1aef569f8c2fd2c8114065f6124a2b817c00b19d98bd63b019da379a68a
- SHA512
  
  2d4e037fc1b71568e12d4d56db75d88661e563f7742f578a5e269b9137ae1c8c6f2755f2cfc909fdc045261a64013d4d4a5b36cfe9b2087db36f4be2f8cf9e85
- SSDEEP
  
  3072:u9KxsZJTw9U8wkt3d9Oi0jKXnacTBy1uhzhh8Q8TiqfMA2+DVfZx2ePQCOJEg:u93zn23Oi0uXnTZj+Q8TbfMAJ1xPQjJB
Score

1^/10
behavioral3 behavioral4
- Target
  
  Q25547950344368401064_202303091132.doc
- Size
  
  539.2MB
- MD5
  
  6abc15b6b6e023239f2589101bb98db4
- SHA1
  
  dfdf26a0d3130fc83dd7b233bd080160df59c0b5
- SHA256
  
  6d07f92d1d5f9f60b3b6a69bc7dfe19c5bc3c9495b9b56852abb3bd347214a15
- SHA512
  
  5315ad12cf214d917c4ac9dbc46cbd5a3185936e9dd709dcfffd6843c97d433de80ed6dbf076c741e2e12cef958fc4c8e7945a8a9428dca1adcf57e452c66537
- SSDEEP
  
  3072:vpt3LDPYvrTr3jvZNWGBStinoLVMcXyHtt5YC7EGIuGEMYDDK6:H3AvrTPRUGpmpXqWCoGIuGEMY
Score

10^/10

emotet epoch4 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral5 behavioral6
- Target
  
  email-html-1.txt
- Size
  
  695B
- MD5
  
  f3d4c995cbfc85f8044baa8154679a2c
- SHA1
  
  7220e21d039f8529aec5c3cc7571701a17dfab4a
- SHA256
  
  c73bfe5095b7627107d4b8b0671a1fb60386d7f1ad0e75c803a0d5f5e9e78627
- SHA512
  
  ae258a6969d4fcdda8fcd4ab95f5e1aece9eb1eefe7ffff72162d1860a5fa569b66dfe4a4a13cc4c642ad1f40e245944d680eb08cb1edda5e626caff45a856a1
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Email Collection

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Accesses Microsoft Outlook profiles

Drops file in System32 directory

Process spawned unexpected child process

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8