Overview

overview

10

Static

static

8

OPAST GROUP.doc

windows7-x64

10

OPAST GROUP.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    OPAST GROUP.zip

  • Size

    744KB

  • Sample

    230313-nb1eraab27

  • MD5

    1a5168d0f48e2f341e3d3d42487737d4

  • SHA1

    b8622286bee75eea322a3e8f3619a2e17bb9be44

  • SHA256

    766c70e83a04cda63620b7aa518e3dbe478b0f9711ba1a287d6869a41b480f7d

  • SHA512

    ced8987cbbf45c8b0ce1896cf2efdfc186764c999b3451b83207e28e3bf1a2104df189a7d4941360d212c1a4fdbbb7460a1645d8efa6fd2adc208a1c6b9b09b8

  • SSDEEP

    6144:q2OPYgKAapWp7q0CYcB906oP6FnpamsXp+YIDK/vj9xHsQUsXbH:YggCwZq0CvfS0np0om/vBxMBsT

Score
10/10
emotetepoch4bankermacromacro_on_actionpersistencetrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

129.232.188.93:443

164.90.222.65:443

159.65.88.10:8080

172.105.226.75:8080

115.68.227.76:8080

187.63.160.88:80

169.57.156.166:8080

185.4.135.165:8080

153.126.146.25:7080

197.242.150.244:8080

139.59.126.41:443

186.194.240.217:443

103.132.242.26:8080

206.189.28.199:8080

163.44.196.120:8080

95.217.221.146:8080

159.89.202.34:443

119.59.103.152:8080

183.111.227.137:8080

201.94.166.162:443
eck1.plain
ecs1.plain

Targets

    • Target

      OPAST GROUP.doc

    • Size

      528.3MB

    • MD5

      befdaa335353a775312c9a7b4954e69a

    • SHA1

      b11ec5f7865f32b0edcda0afb951248c16c9ac62

    • SHA256

      79b7d6166464e263a601c3c1449b0ca7c84d8d4ac0659061699a606285c651ea

    • SHA512

      6b99e01771f1ab9e20d1b03f1ba557a5f2482f6b3a56f0fd93e05e02325a411cebd3fce4e8932740dabb32dd756164bca76eb15fd8efa4e76225e9ccd750c44b

    • SSDEEP

      6144:QDuxuMOZCBtANveapnaWVgsaNlbfXhoEHC87pnkTnlzIWZ4:18yGZZak8fxJB1e5IWZ4

    Score
    10/10
    emotetepoch4bankerpersistencetrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks