emotet

General

Target

Details-1403.zip
Size

746KB
Sample

230314-rdxy7ahf7v
MD5

6525c7c7a2c8e07d6e4ef087ce651900
SHA1

c31ba20457cb29d7217df47fcd6e24af7dc47607
SHA256

b657ff2eedb3a695ad0803581491dbadb4e8269d84e7d29044852fe8d5ef2c2f
SHA512

45086cacc61e53b9723427b1c610ad63d721c9862b3cc7f2225b2736c879475bc45d645f92fccb212363b5588babcfe195e3d74170c4732e8ea6131f06cf0fda
SSDEEP

6144:uwZnDlMy6O3qKmCRUe1B5uLqcHfVDNUV3nJGM+BTW:1tDlb6IqXCRUe1BTcH8VIM+VW

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch5

C2

103.85.95.4:8080

103.224.241.74:8080

178.238.225.252:8080

37.59.103.148:8080

78.47.204.80:443

138.197.14.67:8080

128.199.242.164:8080

54.37.228.122:443

37.44.244.177:8080

139.59.80.108:8080

218.38.121.17:443

82.98.180.154:7080

114.79.130.68:443

159.65.135.222:7080

174.138.33.49:7080

195.77.239.39:8080

193.194.92.175:443

198.199.70.22:8080

85.214.67.203:8080

93.84.115.205:7080

ecs1.plain

eck1.plain

Targets

- Target
  
  Details-1403.doc
- Size
  
  543.4MB
- MD5
  
  fab228ccf98106058a380fa34a81785c
- SHA1
  
  4cdf518b8c83fdeda252e098a1c58a729413c4f6
- SHA256
  
  d49c3094888646282364efd6b28f66b99fbe8aa2f8dc2be86daddd3320ae04c9
- SHA512
  
  8c65c417e79dfc7995e46e2e53da52c15ab2d2c71233a51d7812df9ccee7c5e326ee227db83bd23f35816a0391bc5b081678b0d24037306a537302cb24701cd7
- SSDEEP
  
  6144:5yk1RgZZXbN63GW1Z7krKSUzMNYJJdKkOl950uH54Lg4Ne9C:5/MXJ6WW1Z7ktUgNYJJdKkOHC4D409
Score

10^/10

emotet epoch5 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2