Overview

overview

10

Static

static

8

bg-6552479.doc

windows7-x64

10

bg-6552479.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bg-6552479.zip

  • Size

    727KB

  • Sample

    230317-jrj1gsfa28

  • MD5

    b1b7155dd89db42ebac96191fa1cc219

  • SHA1

    8f95ccca06a27414b30392d1962541fe451983a6

  • SHA256

    b8e62579ea147a7392e9d37d8b2aeb6b9d8d1883e6a6f9ff5ebcb42f5a395e29

  • SHA512

    075ce3bd03c819e40c125434d0acab282c068695bcf00271330c3f6d7c278b3866c4351c5830ff36ffd68ab4582bcdf8d95586f9041f845fa67a5389fcdde034

  • SSDEEP

    6144:EwZnDlMy6O3qKmCRUe1B5uLqcHfVDNUV3nJGM+BTp:XtDlb6IqXCRUe1BTcH8VIM+Vp

Score
10/10
emotetepoch5bankermacromacro_on_actiontrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch5

C2

103.85.95.4:8080

103.224.241.74:8080

178.238.225.252:8080

37.59.103.148:8080

78.47.204.80:443

138.197.14.67:8080

128.199.242.164:8080

54.37.228.122:443

37.44.244.177:8080

139.59.80.108:8080

218.38.121.17:443

82.98.180.154:7080

114.79.130.68:443

159.65.135.222:7080

174.138.33.49:7080

195.77.239.39:8080

193.194.92.175:443

198.199.70.22:8080

85.214.67.203:8080

93.84.115.205:7080
ecs1.plain
eck1.plain

Targets

    • Target

      bg-6552479.doc

    • Size

      524.4MB

    • MD5

      e422ecaa33d71c00c4562e3b931cd7e2

    • SHA1

      490e95c3eacabfa6e47f2b9b1a691e15441a5d1d

    • SHA256

      7e92fd7a1554ba396bb14db43950b989d2f44155fed73ec12deaf11a01d606af

    • SHA512

      ff4af4a054f17d84bb063612496468e6ecc34f73af3020e37c5b19dffa7f904553f2dfe84a8e3aced1db932acec3f027ed1d8c7c246ed2c653660f2ad29c8cb7

    • SSDEEP

      6144:5yk1RgZZXbN63GW1Z7krKSUzMNYJJdKkOl950uH54Lg4Ne9C:5/MXJ6WW1Z7ktUgNYJJdKkOHC4D409

    Score
    10/10
    emotetepoch5bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks