Overview

overview

10

Static

static

8

DATA_862550248.doc

windows7-x64

10

DATA_862550248.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DATA_862550248.zip

  • Size

    678KB

  • Sample

    230314-szvlmaac5y

  • MD5

    9c2d88d20a0eaa6c24ffa7908e541293

  • SHA1

    af637075c5c9a9b0be449c0b6bb4b0ec0143386c

  • SHA256

    ae27f05aaa2c64baa9ad2024e312792c64927cab41213aa00f098fa1f99786ca

  • SHA512

    fbc82d8528cd841b11cddb635d3799d17152382d6ec4a4c012e24a709166c61dbae9acea83683f9cf953561a68ef82637dee2c22e9640092f66472b5225dd4da

  • SSDEEP

    3072:LmGWTiRHYAaxkY9HRiE5vsTDBBoBdk5wu9MzKjzAUaIQxBV5b:buAaxprW/+uRjzwt

Score
10/10
emotetepoch5bankermacromacro_on_actiontrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch5

C2

103.85.95.4:8080

103.224.241.74:8080

178.238.225.252:8080

37.59.103.148:8080

78.47.204.80:443

138.197.14.67:8080

128.199.242.164:8080

54.37.228.122:443

37.44.244.177:8080

139.59.80.108:8080

218.38.121.17:443

82.98.180.154:7080

114.79.130.68:443

159.65.135.222:7080

174.138.33.49:7080

195.77.239.39:8080

193.194.92.175:443

198.199.70.22:8080

85.214.67.203:8080

93.84.115.205:7080
ecs1.plain
eck1.plain

Targets

    • Target

      DATA_862550248.doc

    • Size

      519.3MB

    • MD5

      465dd447daed33f2bbe8a95ca7d37e15

    • SHA1

      dff033fe6cd43d485d37015942d67644b12ea3e9

    • SHA256

      b0ec15385cbd5461fd9678dd61f6867d41c170d2df8dfdfe6eebd7a0de905273

    • SHA512

      1bbd0dcd7c8273547f5610c926ae9ce3280890dd8115d177dbcc39016188a0e07131aeaa3d6b353d72e87d981f98560b7c949c7496169322c7e49f0fa091b922

    • SSDEEP

      3072:+J3pNHNgsxBQnr/vMOoch7gMqR40vFdYDRORalW/Xdmku3Bh5H8NvdNHZy:+JVbQDMfqHofvfYlOR31mkuRhyNvdN

    Score
    10/10
    emotetepoch5bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks