emotet | 0c6213278ebf78659a485f935a110f3d9cd9b47e9394f5fb123a855042c720c9 | Triage

Sharing

General

Target

Fattura 1925.zip
Size

690KB
Sample

230310-k9nl3aec2w
MD5

1b26afd260557385f4da28983f422a05
SHA1

1724b0f0819fe4042335d0fb896d9212be74b096
SHA256

0c6213278ebf78659a485f935a110f3d9cd9b47e9394f5fb123a855042c720c9
SHA512

dca082860876db4e59cbbd303d616dae36aaf8cba3fd139bbcc066865979453c8e5f729a06881aef9868e0d46d26ec3ce91704468303b4b635d69981a20ae6ae
SSDEEP

3072:ITdhlKitY6gngARvVndTW9ZCPuJSDCKvjl1flV+crxAm40/yL/sEZGNKl/D:QhQOY6egwndgkPwSDCKFVj+mb/yFIs/D

Score

10^/10

emotet epoch4 banker macro macro_on_action persistence trojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

164.68.99.3:8080

164.90.222.65:443

186.194.240.217:443

1.234.2.232:8080

103.75.201.2:443

187.63.160.88:80

147.139.166.154:8080

91.207.28.33:8080

5.135.159.50:443

153.92.5.27:8080

213.239.212.5:443

103.43.75.120:443

159.65.88.10:8080

167.172.253.162:8080

153.126.146.25:7080

119.59.103.152:8080

107.170.39.149:8080

183.111.227.137:8080

159.89.202.34:443

110.232.117.186:8080

eck1.plain

ecs1.plain

Targets

- Target
  
  Fattura 1925.doc
- Size
  
  531.3MB
- MD5
  
  aee0fb59efa30bcf66bcac4e37b72536
- SHA1
  
  15c77940515a57ef089a801ac226b80e2f8e4cf7
- SHA256
  
  f550c2c50b6afc82f3b232b625e32ea5e16769f2eccf07e2d953a9fd2c4c410a
- SHA512
  
  ebe2efadc13f487cbfcb171ed804366da7550e4ad9f531acb5485e4edc5a0943f291526a08bf5474639018b8d64e3fbb517568fe81a050496cbb7acf959d9ef1
- SSDEEP
  
  6144:jkmCUX1RauEA55axdWFyDDIqqmbwbLUW:omC7uz552AFZqXbwbA
Score

10^/10

emotet epoch4 banker persistence trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

emotetepoch4bankerpersistencetrojan