General

  • Target

    52c03506-a7da-5b88-f72d-0d619d687292.eml

  • Size

    917KB

  • Sample

    230315-fx3s1adf4y

  • MD5

    dd4e84ef5a633b36a5e906fa3d0ba5fb

  • SHA1

    6a655e943b310f9a074395a288813ef6970b420a

  • SHA256

    4a2330672b0fb2cc9105ceeb860d7d07fc336506e460cce3c3812bad07d9307a

  • SHA512

    c047cbea02e8455f0d356e26ca0cc180d596e80cda0ba1873c7d7f1c6fb8414fc68e042f28f8d237cf465d778d69faad93d14055de57bbfd160d0343f47870f1

  • SSDEEP

    6144:C0YVxr1QNujLnBRwwWzNKH6VqnlUXbkO6+RTx1SNTJL+ct:C0G4+LndENw9lUXbPpvW1+8

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2


eck1.plain
ecs1.plain

Targets

    • Target

      52c03506-a7da-5b88-f72d-0d619d687292.eml

    • Size

      917KB

    • MD5

      dd4e84ef5a633b36a5e906fa3d0ba5fb

    • SHA1

      6a655e943b310f9a074395a288813ef6970b420a

    • SHA256

      4a2330672b0fb2cc9105ceeb860d7d07fc336506e460cce3c3812bad07d9307a

    • SHA512

      c047cbea02e8455f0d356e26ca0cc180d596e80cda0ba1873c7d7f1c6fb8414fc68e042f28f8d237cf465d778d69faad93d14055de57bbfd160d0343f47870f1

    • SSDEEP

      6144:C0YVxr1QNujLnBRwwWzNKH6VqnlUXbkO6+RTx1SNTJL+ct:C0G4+LndENw9lUXbPpvW1+8

    Score: 5/10

    • Drops file in System32 directory

    • Target

      Electronic form Dt 03.07.2023.zip

    • Size

      653KB

    • MD5

      75c240e39f4107d14c70c388f30f3058

    • SHA1

      e1c7016546533c8aadfe191af875ccd24eab3323

    • SHA256

      ca15321a21bcda91c6c587bc857621f5b4b82f8706d10fcc412e060ffc4a7e70

    • SHA512

      c243a552c268625c6bfc4e4294dcddb0e5997c20765620a79f10b733a1cb1116e860e9a1a6046086fdf64a09432586deba4936160865bc759d27174ff2639e8f

    • SSDEEP

      6144:/JNbwmfcuHom8Hz2f//ywiWT8xVTI5wqb:zbPHom8TYyCT8x5I5wE

    Score: 1/10

    • Target

      Electronic form Dt 03.07.2023.doc

    • Size

      503.3MB

    • MD5

      1dbc044bf76ca7d83fb1fb1b8429944e

    • SHA1

      49e942747cb574be72c089ab37c24a7f74c43e7f

    • SHA256

      867d37e39eca966e299f66134f34111d71994322ca258764f52a6bb6cbe3de62

    • SHA512

      dcb3c7147bb35ba73d525b68b0e6ea098901c42fc4f7a686fd7292aa7e88d748c91a3683ecae1e0aa8091bc2778aa60bd72553d40ffb17cb530ea4577b724133

    • SSDEEP

      6144:xPn4VZXbatu7MDogsDkHS50LdfcGcbz1f5M9KTFrMpSlMK3Ru+Q28:xP4PbNMkgg3Ru+x

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

    • Target

      email-html-1.txt

    • Size

      464B

    • MD5

      8a31892e98b300cee0769ad98c37103e

    • SHA1

      b759b2c575e43e4ca9ba992cc6a5d98fed618276

    • SHA256

      1c6072ed4159e523f44ab7192ff79b6ff43f3cee987374be128613f0a0132a34

    • SHA512

      2d4684acafab479c39b7414b28e3fbcc7c4220f5c939ad400254cb75e8b5f36612dbbb972ab16ef460154c53aac5c745e10b785f59eb07ea42aeab352356b84c

    Score: 1/10

    • Target

      image001.png

    • Size

      6KB

    • MD5

      93328012727d7dd99dfffabf0c38f1be

    • SHA1

      9bceb41c873ed8cd1ec8df89b9ba96a04f9143d1

    • SHA256

      27a694d87cba73ef5b422cba1505064ac77118285cd79b8139de389ee0cd88b9

    • SHA512

      6f73acf078a5f71c03feda89f4376d1f863b790a19731987c8b4f6a8c601e40518bff6056d73b13a147186cf479fd36a7292b0f463727882db04e787f54d9fd0

    • SSDEEP

      192:XvNg5Whf3QdTGFq7ty/bWuduP7WVo/YZa33P:Vg5Whf3QhvtybdO7WCQYP

    Score: 3/10

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 3

Discovery

  • System Information Discovery (T1082): 4

  • Query Registry (T1012): 2

Tasks