General

  • Target

    2d0d46d5-2f07-4223-612d-e119141337f6.eml

  • Size

    1.5MB

  • Sample

    230313-jcb2bshb43

  • MD5

    88e19f6ce03841eef3b9119197ff4545

  • SHA1

    d19a500626cf861ec092583a842bca79a2b78a93

  • SHA256

    2e214679ce6481cd421641a04747f52e453ae9aedcef9613f4cca02a66eb5498

  • SHA512

    cbe5f123951cf38ae3d19f4112fc711758a69f1e22ef740d0f0eaabff476c4ca2a80abfd0a9788e2232bf71fc37c8eee4a537621bea26ee523f53a71f7fea895

  • SSDEEP

    24576:lha/pQQEoHHt8aTeugeFZ1Ji+O5iFoCawEB8KLggWyl7Ab:jx5aHvZmpiFwBWFb

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

164.68.99.3:8080

164.90.222.65:443

186.194.240.217:443

1.234.2.232:8080

103.75.201.2:443

187.63.160.88:80

147.139.166.154:8080

91.207.28.33:8080

5.135.159.50:443

153.92.5.27:8080

213.239.212.5:443

103.43.75.120:443

159.65.88.10:8080

167.172.253.162:8080

153.126.146.25:7080

119.59.103.152:8080

107.170.39.149:8080

183.111.227.137:8080

159.89.202.34:443

110.232.117.186:8080

eck1.plain
ecs1.plain

Targets

    • Target

      2d0d46d5-2f07-4223-612d-e119141337f6.eml

    • Size

      1.5MB

    • MD5

      88e19f6ce03841eef3b9119197ff4545

    • SHA1

      d19a500626cf861ec092583a842bca79a2b78a93

    • SHA256

      2e214679ce6481cd421641a04747f52e453ae9aedcef9613f4cca02a66eb5498

    • SHA512

      cbe5f123951cf38ae3d19f4112fc711758a69f1e22ef740d0f0eaabff476c4ca2a80abfd0a9788e2232bf71fc37c8eee4a537621bea26ee523f53a71f7fea895

    • SSDEEP

      24576:lha/pQQEoHHt8aTeugeFZ1Ji+O5iFoCawEB8KLggWyl7Ab:jx5aHvZmpiFwBWFb

    Score
    5/10
    • Drops file in System32 directory

    • Target

      Mail Attachment.eml

    • Size

      582KB

    • MD5

      50193e7a3ff1fbf1225c988b6bc8275b

    • SHA1

      cef161d9ce194cf0d45fe9a9ccab3c0b7c7abd04

    • SHA256

      59b48cb7108c89d2fd1cce4b87d09570fd47bb66ee54326085a5440dba195495

    • SHA512

      7cc6947d9f95f6aab49cfa6d7e7f0504242bb680f562b6a0cb71136486358c476ce1d622387578bb18d8bf370ee363dc16aa1e20179967b1aa5fbeabb88aa64d

    • SSDEEP

      12288:ZMwgewqoOxqYJeyk+OcWiK+umoLuaw9SB5Gtk9lnnMLt5UW43l7mvG8y:9geFZ1Ji+O5iFoCawEB8KLggWyl7Ak

    Score
    5/10
    • Drops file in System32 directory

    • Target

      2022-06-29_Circular_letter_CD_Consultation.pdf

    • Size

      246KB

    • MD5

      755fef3a05ab8f13f898002aa40bc560

    • SHA1

      c5cf58a160f0e2148a8fee2bf56c1703cae2ca71

    • SHA256

      2fd5166ffb43d9c916e82652d6014a559515d7e49a41bad077a0f2dd33579193

    • SHA512

      c372ef1f4afd008fcbec9c57f3bdfd3d5099015d83a0bccaa57d6ab674fa9c3ae7cf5797f63e9511ccfa3f6798b05d43a3008f5b23bf42512dbee448fd320d16

    • SSDEEP

      6144:13yHlrVG+m7hSG6592Qozuks9sboTyYqHdnyuvDA:1ilVGj7hT6Dcu5sbkxzuvDA

    Score
    1/10

    • Target

      2022-06-29_Circular_letter_DTS_DPAS_DTR.pdf

    • Size

      175KB

    • MD5

      37f737a1ec80896a326d8867dd35d817

    • SHA1

      25ffca12c7adeefe8cc24dea94a9dd79921a97a5

    • SHA256

      6e7e0b2e38fa76e5c7ab179543ca9346780f9db442477ad462b736191039bc35

    • SHA512

      0dc0b273fa10bb50415f92b1bc5282edbc4707c2ebb6118b69287202227a4631b1fa044e4d297f3ca23986699cdb5c1c50d27304d197e55481cf40d5250dddcd

    • SSDEEP

      3072:O73frjnjJxae9NA5jlzaC4L0F8XyvBhd7tn/XO1XzNQkY77txFZ2vtCuIg:4njJxae/8iwFqO71/+NY7RxFZ/up

    Score
    1/10

    • Target

      email-plain-1.txt

    • Size

      373B

    • MD5

      cf2eb97e99f5c565c65870b5a6d42622

    • SHA1

      e9ab0277c8d543fd9384a2d333e889da53066733

    • SHA256

      f798d454530eb56572df461820cd9167c69a648c1143ae31a9f7e79010f6502b

    • SHA512

      4c7c11f2616a566d313f9bd8bcbd57b1f161092cfcd7a3d9abad98d910634541bc784016f0e94a2dc66d3b15cd3bc27f55e8909b9da52a9f67dbdffc86d7b623

    Score
    1/10

    • Target

      RE_ [SC27WG5] ZKP PWI and call for contribution.eml

    • Size

      926KB

    • MD5

      4632a49c08e0191fc98d326f027c6a1c

    • SHA1

      2cf9c3787f3a288a84c7c4640f0e300e11f267ab

    • SHA256

      de5ae98f7e97ce954d284ec6e15996086f536bc8c7a726e01701de6d7a01cbb9

    • SHA512

      f93bae1fccae3610254c7f9de3ee33fff016b81f74493addfc11ba53ce58e183ea6bc4df5a700aef9731dcc32cb4adb18bf2983c65f18560eab296c5695d209f

    • SSDEEP

      6144:Yvd2WeNgqfa9IHpd23g3RR5qzCeePQaHt8EajGTaFjGh:I2WaCwpQQBR5ODePHHt8aTatGh

    Score
    5/10
    • Drops file in System32 directory

    • Target

      Dlist.server.uni-frankfurt.zip

    • Size

      673KB

    • MD5

      6b881f081cb6b56faa2c4f8c2e3a68af

    • SHA1

      42c3a8fe26dec788f9deeb757c674c429d357295

    • SHA256

      018a73b48bd511365c761558d41517cc89a613ffb9a8a6f6872a5dc34eddb6d6

    • SHA512

      b029dc172c595bda668872e5f3a162c9b5ccd628671d03917bcd9cb92f7a041c9d0f589cb56d15160843f40e1b0112b7eae6b053d9040d98b17ba994af665205

    • SSDEEP

      3072:TJPwOBqguhRok0EOsHYQLMTwyOy2w4OLWxKJ5SuNVWla3P:djTuh1OVQTy/LWq7Wlaf

    Score
    1/10

    • Target

      26651877134168, United Kingdom.doc

    • Size

      500.3MB

    • MD5

      04167b66dad818acca25dd5c5a177e8b

    • SHA1

      638734594d243a9627ab8c16f867a7d0f741c75c

    • SHA256

      ea55eac0221c35e657fdca5d6f893053a296ea678d0a44d9ac2112f5a88ceaa7

    • SHA512

      61688bdcda4c92a9f24320e1eeaaaeefd8d57359f3b46c61194f60fb3cb9cac2878cb25a45b750a988a4b6be6709189273871d8a37dc7acb23eaffb91313644a

    • SSDEEP

      3072:2JX29m8QBUoItA/leC6gSJ+2JiclnUOvrRxqmLcHeNJxPkdVdTRcDK6:2EmleC6gSJWclU0RxVLcHe5cdTR

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

    • Target

      email-html-1.txt

    • Size

      1KB

    • MD5

      c646b881b85d3fb2aa3ee56523d3bb65

    • SHA1

      2f9b737ffffd2b94149cee159e31300a0f60a0b6

    • SHA256

      8a89165748e8303545bedebee7e31d24d9669c8ec24878c7b37742e1e1ec569c

    • SHA512

      5849b4305ad3ffba64a0e34b4cf3461705b19e86f2a80678c7a5d8c3f9927fc523dd250bb8e14b5fcfafcc7c027962c68651e9bb4e76f1924fbee9610b4c28de

    Score
    1/10

    • Target

      email-html-2.txt

    • Size

      1KB

    • MD5

      0f5b2270a831dd9749d405c7edfac5b9

    • SHA1

      d6d4f594edc567e993b59a65652ff7ae7e15ee09

    • SHA256

      87a59e5477aaae680a2da41b6ec8dad2e5a8a305e15e8a18a7d93181cc5324b4

    • SHA512

      a999410082a9003f26c04bb474ba5f4e5c18e21f750adabd3804588b40d79b051bbced2d05ba0c0643ac229617d6cc30ed8c893532a1f52e7eaa5c28d312fca4

    Score
    1/10

    • Target

      email-html-3.txt

    • Size

      720B

    • MD5

      36b46d261735370ac92ee7a9c3183857

    • SHA1

      be22c9d280eb8e48c0440a84844ace26def0b778

    • SHA256

      3bfd28637a5db1338eb2d7d8c1be92f819157951b35780ec707fb80bb169d9c7

    • SHA512

      c989545679f1757be4c8ad061283bd1dfd5eef82613b9e90d4c4958ce408260239eac64959bdc1a3fe66f06dd07098af290a98e63e3024ef751ba01071e51609

    Score
    1/10

    • Target

      email-html-4.txt

    • Size

      24KB

    • MD5

      707f685f9fc58d1f54e65d73949bb081

    • SHA1

      40fdc8be21a874e238d2976954aba642b8191923

    • SHA256

      11f74924ae96437b152f93c95cda0fff5ccd1093e6e85d3fb524fb0568ca7c5e

    • SHA512

      e23c1a3097279f9eb20ba07a72e30c8957a06a732f0aaccde38fd4e3d900acf8350380a396c4a2fbb2aec87788fb6ad2cd46126b867d658d52b38912af4b50f5

    • SSDEEP

      768:muLUtT/UnWB3CYWDuRscx+WDc2WSOql28QSm5oCPzq9go:vnWnWGscx+WD9WSOql28QSm5oCPzq9go

    Score
    1/10

    • Target

      email-plain-1.txt

    • Size

      844B

    • MD5

      df8109d4600b5051271ed703703f5f67

    • SHA1

      b2fa9ff462bf7435a6ae032af6dc9fdee0f22eb6

    • SHA256

      a576ed9505da701b92bcfb8142f7d61de1377435758d4dc57b561aeebc7d1d07

    • SHA512

      1614b0fc3e54fad16ba462373a37852f10428288cbc2dc58b03654f30bd20c31ab4912501d200c2a97a18c0589d3ec1caf4a516f106d7ab5038120ff94052c08

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

Modify Registry

10
T1112

Discovery

System Information Discovery

7
T1082

Query Registry

4
T1012

Tasks