Overview

overview

10

Static

static

8

Notice_68892.doc

windows7-x64

10

Notice_68892.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Notice_68892.zip

  • Size

    748KB

  • Sample

    230314-r2zgxsaa5t

  • MD5

    4b2741d05c72988c92292a9be27a60bb

  • SHA1

    2317671840296d7c2479fbbafdfef03e20304239

  • SHA256

    8a0120a01f14c5e4a0232a731e5392efdffb92cca731bf1554a49b7c469c8058

  • SHA512

    ec07420500de60821f2401c89890e98a573e0006285d02ec4eb20940f2816ff4251824236e3246edbd9939a7237a4b43b573f825e582e25a12db9ac20fa7c7df

  • SSDEEP

    6144:+wZnDlMy6O3qKmCRUe1B5uLqcHfVDNUV3nJGM+BTl:FtDlb6IqXCRUe1BTcH8VIM+Vl

Score
10/10
emotetepoch5bankermacromacro_on_actiontrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch5

C2

103.85.95.4:8080

103.224.241.74:8080

178.238.225.252:8080

37.59.103.148:8080

78.47.204.80:443

138.197.14.67:8080

128.199.242.164:8080

54.37.228.122:443

37.44.244.177:8080

139.59.80.108:8080

218.38.121.17:443

82.98.180.154:7080

114.79.130.68:443

159.65.135.222:7080

174.138.33.49:7080

195.77.239.39:8080

193.194.92.175:443

198.199.70.22:8080

85.214.67.203:8080

93.84.115.205:7080
ecs1.plain
eck1.plain

Targets

    • Target

      Notice_68892.doc

    • Size

      545.4MB

    • MD5

      f0cb9379f2e06fac5d274c45bf314b29

    • SHA1

      3d6aa9460f01ff18ccc15a79feb74d5fdb689367

    • SHA256

      f1302aa30d6ac7a0ff628f2b795104badee29b61f256d71a246dcac7ae799a3d

    • SHA512

      69f9bbb52772be9bf9477085ea9a20c526cbca35e0e2ed97b4c277758083e5c53662719db1c8c5455f29aac515dc6f85cdff7a0c0e2fb0bb800961203dbce2d8

    • SSDEEP

      6144:5yk1RgZZXbN63GW1Z7krKSUzMNYJJdKkOl950uH54Lg4Ne9C:5/MXJ6WW1Z7ktUgNYJJdKkOHC4D409

    Score
    10/10
    emotetepoch5bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks