emotet

General

Target

Notice_68892.zip
Size

748KB
Sample

230314-r2zgxsaa5t
MD5

4b2741d05c72988c92292a9be27a60bb
SHA1

2317671840296d7c2479fbbafdfef03e20304239
SHA256

8a0120a01f14c5e4a0232a731e5392efdffb92cca731bf1554a49b7c469c8058
SHA512

ec07420500de60821f2401c89890e98a573e0006285d02ec4eb20940f2816ff4251824236e3246edbd9939a7237a4b43b573f825e582e25a12db9ac20fa7c7df
SSDEEP

6144:+wZnDlMy6O3qKmCRUe1B5uLqcHfVDNUV3nJGM+BTl:FtDlb6IqXCRUe1BTcH8VIM+Vl

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch5

C2

103.85.95.4:8080

103.224.241.74:8080

178.238.225.252:8080

37.59.103.148:8080

78.47.204.80:443

138.197.14.67:8080

128.199.242.164:8080

54.37.228.122:443

37.44.244.177:8080

139.59.80.108:8080

218.38.121.17:443

82.98.180.154:7080

114.79.130.68:443

159.65.135.222:7080

174.138.33.49:7080

195.77.239.39:8080

193.194.92.175:443

198.199.70.22:8080

85.214.67.203:8080

93.84.115.205:7080

ecs1.plain

eck1.plain

Targets

- Target
  
  Notice_68892.doc
- Size
  
  545.4MB
- MD5
  
  f0cb9379f2e06fac5d274c45bf314b29
- SHA1
  
  3d6aa9460f01ff18ccc15a79feb74d5fdb689367
- SHA256
  
  f1302aa30d6ac7a0ff628f2b795104badee29b61f256d71a246dcac7ae799a3d
- SHA512
  
  69f9bbb52772be9bf9477085ea9a20c526cbca35e0e2ed97b4c277758083e5c53662719db1c8c5455f29aac515dc6f85cdff7a0c0e2fb0bb800961203dbce2d8
- SSDEEP
  
  6144:5yk1RgZZXbN63GW1Z7krKSUzMNYJJdKkOl950uH54Lg4Ne9C:5/MXJ6WW1Z7ktUgNYJJdKkOHC4D409
Score

10^/10

emotet epoch5 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2