Overview

overview

10

Static

static

8

2023-03-08_1338.doc

windows7-x64

10

2023-03-08_1338.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2023-03-08_1338.doc

  • Size

    522.3MB

  • Sample

    230310-xevs4sgg3v

  • MD5

    2148a6a2bef5a35ce5665cbc12d5e474

  • SHA1

    2e87b33309c888ab7d655e92a45a31f15753fdee

  • SHA256

    f616da0ebb4f984aecd40da922c0cdf70987643a86afadc969aa76598120cd5d

  • SHA512

    fb232985018569cdbba001273278a6128af1395e1dc4631b023a0c49fefffd43a93dd6b0332c2cc634aa87d850ea2866614cacb6b064e57f4d48c7b41b60ea4c

  • SSDEEP

    6144:xPn4VZXbatu7MDogsDkHS50LdfcGcbz1f5M9KTFrMpSlMK3Ru+Q28:xP4PbNMkgg3Ru+x

Score
10/10
emotetepoch4bankermacromacro_on_actiontrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

129.232.188.93:443

164.90.222.65:443

159.65.88.10:8080

172.105.226.75:8080

115.68.227.76:8080

187.63.160.88:80

169.57.156.166:8080

185.4.135.165:8080

153.126.146.25:7080

197.242.150.244:8080

139.59.126.41:443

186.194.240.217:443

103.132.242.26:8080

206.189.28.199:8080

163.44.196.120:8080

95.217.221.146:8080

159.89.202.34:443

119.59.103.152:8080

183.111.227.137:8080

201.94.166.162:443
eck1.plain
ecs1.plain

Targets

    • Target

      2023-03-08_1338.doc

    • Size

      522.3MB

    • MD5

      2148a6a2bef5a35ce5665cbc12d5e474

    • SHA1

      2e87b33309c888ab7d655e92a45a31f15753fdee

    • SHA256

      f616da0ebb4f984aecd40da922c0cdf70987643a86afadc969aa76598120cd5d

    • SHA512

      fb232985018569cdbba001273278a6128af1395e1dc4631b023a0c49fefffd43a93dd6b0332c2cc634aa87d850ea2866614cacb6b064e57f4d48c7b41b60ea4c

    • SSDEEP

      6144:xPn4VZXbatu7MDogsDkHS50LdfcGcbz1f5M9KTFrMpSlMK3Ru+Q28:xP4PbNMkgg3Ru+x

    Score
    10/10
    emotetepoch4bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks