emotet | d0e6255ab16f755bd8891fc51c9a35ba203a1d4fdb38fd34f3c7580f8252841c | Triage

Sharing

General

Target

Copia Fattura.zip
Size

666KB
Sample

230310-llly1acf23
MD5

3ef93aae8f57dc6a063063fd448dda16
SHA1

a46c933b6fadee012f0d0621e3ccf0cbeafa621c
SHA256

d0e6255ab16f755bd8891fc51c9a35ba203a1d4fdb38fd34f3c7580f8252841c
SHA512

4ff43b27bed0afe01b78bd17eb4aaa345a376c1889a50e990e96bcf44e97cb82c27197c9f1e1e40e95240695d20d8d58b6cf630ce427a1ebbbdd654c99682025
SSDEEP

3072:GTdhlKitY6gngARvVndTW9ZCPuJSDCKvjl1flV+crxAm40/yL/sEZGNKl/C:OhQOY6egwndgkPwSDCKFVj+mb/yFIs/C

Score

10^/10

emotet epoch4 banker macro macro_on_action persistence trojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

164.68.99.3:8080

164.90.222.65:443

186.194.240.217:443

1.234.2.232:8080

103.75.201.2:443

187.63.160.88:80

147.139.166.154:8080

91.207.28.33:8080

5.135.159.50:443

153.92.5.27:8080

213.239.212.5:443

103.43.75.120:443

159.65.88.10:8080

167.172.253.162:8080

153.126.146.25:7080

119.59.103.152:8080

107.170.39.149:8080

183.111.227.137:8080

159.89.202.34:443

110.232.117.186:8080

eck1.plain

ecs1.plain

Targets

- Target
  
  Copia Fattura.doc
- Size
  
  506.3MB
- MD5
  
  9c1afe1b563063ea4c5a2b5158ac3dc6
- SHA1
  
  6242fbcf8325eeaba07d7bfb739d6eb276d31fc7
- SHA256
  
  19ffe678ba37ad6317085f3dfcc05e01aa8d0bf0ae245619dd7f98b023471b76
- SHA512
  
  2f39fc302fd23861f3ef0d3af98afb5192ef00b9fc31cf0df217bf47e1e6079032c4c2b340715b588f151b5dc9f9eda5bbc4f61974f45b6bb7a1c37dbe690eae
- SSDEEP
  
  6144:jkmCUX1RauEA55axdWFyDDIqqmbwbLUW:omC7uz552AFZqXbwbA
Score

10^/10

emotet epoch4 banker persistence trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

emotetepoch4bankerpersistencetrojan