General

  • Target

    003e0d05-e098-4f77-c885-46d789da144f.eml

  • Size

    941KB

  • Sample

    230315-fksr9sbf23

  • MD5

    b2acda5d87c402c817235bbe6c2b1300

  • SHA1

    58435040fe17a26b1e49f6663db9f8dcf5b39ca3

  • SHA256

    07528a336a55d5fc37f7add62ee8c61d205644808769a07601d6f54ac99dad4d

  • SHA512

    d7b8129d90adcbdde33d63cae58a849985dfa64dc205472706a01918d6630348419debe27878c780910eafc57d3328a10517f1330c7e9aa3ce2c8f0ee10e5dfd

  • SSDEEP

    3072:XGHGAp3b6wK0Edmu00HR8fyvemUewoTl5E/TeCZ00gKkW2X7kSYAEbqV11tUR05q:Xa/ZGfe90HR8fTHC6KCZozkdAEbs1icq

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch4

  • C2

    164.68.99.3:8080
    164.90.222.65:443
    186.194.240.217:443
    1.234.2.232:8080
    103.75.201.2:443
    187.63.160.88:80
    147.139.166.154:8080
    91.207.28.33:8080
    5.135.159.50:443
    153.92.5.27:8080
    213.239.212.5:443
    103.43.75.120:443
    159.65.88.10:8080
    167.172.253.162:8080
    153.126.146.25:7080
    119.59.103.152:8080
    107.170.39.149:8080
    183.111.227.137:8080
    159.89.202.34:443
    110.232.117.186:8080

    eck1.plain
    ecs1.plain

Targets

    • Target

      003e0d05-e098-4f77-c885-46d789da144f.eml

    • Size

      941KB

    • MD5

      b2acda5d87c402c817235bbe6c2b1300

    • SHA1

      58435040fe17a26b1e49f6663db9f8dcf5b39ca3

    • SHA256

      07528a336a55d5fc37f7add62ee8c61d205644808769a07601d6f54ac99dad4d

    • SHA512

      d7b8129d90adcbdde33d63cae58a849985dfa64dc205472706a01918d6630348419debe27878c780910eafc57d3328a10517f1330c7e9aa3ce2c8f0ee10e5dfd

    • SSDEEP

      3072:XGHGAp3b6wK0Edmu00HR8fyvemUewoTl5E/TeCZ00gKkW2X7kSYAEbqV11tUR05q:Xa/ZGfe90HR8fTHC6KCZozkdAEbs1icq

    Score
    5/10
    • Drops file in System32 directory

    • Target

      QS75790832498186151LQQ.zip

    • Size

      663KB

    • MD5

      ee183f62e0120235fa0b4377349208c8

    • SHA1

      961698f2bcafa0fe9b4d54d125bf43c69902c881

    • SHA256

      993d068f7dcb2332099a9305561b0efba246045618e70c483a48a96651abb1d6

    • SHA512

      166419466b8c95dff4dfb32660221e00707a39582ae9d271492493577ff322305266c9b4dd30b5e6aed0d02c0182264ba418cc40215fd457f6779552bf71120e

    • SSDEEP

      3072:01lsI//z4a/hGS0NclN3U8XKp5ZuoWkQQhl0GEzal3Cu:012c/z4a5GLNIp1WMkd3tCu

    Score
    1/10
    • Target

      QS75790832498186151LQQ.doc

    • Size

      544.2MB

    • MD5

      d010772a1cabb304c5febfeccc88469d

    • SHA1

      d43c562d6568f7ec28986d9008d136771d147047

    • SHA256

      25ac9a0d8addecfc48aa37215a67edb773b4d9177f824f3cdbbb7201c5b4417a

    • SHA512

      2b5e225b99712f2b047f8961ebc4a14cb285a1f563642e09a7715a19cbb39805c5b8c5237fa10012dc9712ff56f18cc8614d7cd54e0819cfcc59c18a94ceabba

    • SSDEEP

      3072:eoEW2aOtFjH0lP2IpjctfRcVVwEi/A8NVM1wIOCbX6bYLjWFJuvx7ueK6:ZE1aOtFa2I9c3aVw4zwxCbJ4Jup

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

    • Target

      email-html-1.txt

    • Size

      7KB

    • MD5

      202ac828678e3a929218ceabc1207ba8

    • SHA1

      736b26d3bbc0aa11317163b04e63823857556189

    • SHA256

      5dc69f8c8aa949846e6dd2f5fcc7e488c038d9972f40a5f4b0a2b5f0acfeca34

    • SHA512

      6be42e4623e621608caa13b009bcd05bfde3a2fb28b12c4d5b5a93d5e40539e89bda5b61ccbbd86b200b1870443f48b8a902752617965911c9d7ad8c498fedf0

    • SSDEEP

      192:9XZIizvXCE9ZTaj1GgOjljqj5rDsqj9jIj6plnMGr9xHI9KZ999+ATugwn2c9jN1:9p3vCE9ZTaj1VOjljqj5rDsqj9jIj6j8

    Score
    1/10
    • Target

      image003.png

    • Size

      7KB

    • MD5

      607903095bbba5c94b4aa4bd9d862088

    • SHA1

      c47380cda6c6958bd181146bb71ee99a0fa0ab40

    • SHA256

      d1067a71fd2e72195a688bcd9dc10278b037367d1a0e6ad117aed48b8491b3c0

    • SHA512

      39c1cf4658bd15444a073cf0fd7daccea9ba51d15cc058b5194bbeb709083f828a49d033ca3306a8707e2b07633fa8489d1d6b54b9df012b1b7949c66f4716bb

    • SSDEEP

      192:DH4U8ObOxB+oACrJ1fACSSp6dr7zoYoXzae:58qOxB+jCrJoSYr78Z+e

    Score
    3/10

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    T1112 Modify Registry (3)

  • Discovery

    T1082 System Information Discovery (4)
    T1012 Query Registry (2)

Tasks