General

  • Target

    Gmail Fattura 56458.zip

  • Size

    681KB

  • Sample

    230314-pfk2ashc41

  • MD5

    bbac42804f370fa3f36a4736d8e2c8cc

  • SHA1

    2d1c030702810a911999421de9c0d2a7e4c3d6aa

  • SHA256

    ca5ee8eea117ab08785dd43e868a61996c37abf7fae130ec7c5433696c1664eb

  • SHA512

    ff2c90b43a00345a6df5c99c1901d1e2d22d8ea509cb4ae02c947f9225f735858a41c125ccb6d7863d7f6d98e551d72243b80fc8f249816cf2870bb6d45b7535

  • SSDEEP

    3072:7IFb4Wmkqke+cEeqH9vH+i2s1Vj8JxuLVpMs75XLKZvZ:7Oykqk6Lw+i2s1Vjkxuxp/QvZ

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch4

  • C2


eck1.plain
ecs1.plain

Targets

    • Target

      Fattura 56458.doc

    • Size

      527.3MB

    • MD5

      67c832f26ce9b11a9dcfffb6dc6a8beb

    • SHA1

      60f6b46ba04e814725b0aeb2fa7a31125fef914d

    • SHA256

      548f9f8f314c5e68c02ffaf8f1bc81a17492d534856ac62f3bb7ea04ccad14d3

    • SHA512

      f5d4c2cdb8d50dddcedf8e807cc9e7e7024fefb1c69c31839db7593009f074c6c99c09e3a81fd9c286db43ed439e1efef58363388249593a55ae9f0838a60b24

    • SSDEEP

      6144:1620tqUx3Xu+7ZkRIDNGi9a0Va5UAClo:1620tqm3+I2ezcz5U3lo

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2
