emotet | 9b48f81bfc4461566ca90250127007b1bfeae15b0e7bc8671eeac75f7c4bad80 | Triage

Sharing

General

Target

invio.zip
Size

768KB
Sample

230317-qd3n1aac7x
MD5

81d280c8ccd988be947c13f8308fc9dd
SHA1

b733fc3217ed4d9cd15ea254d8755f334ab0e438
SHA256

9b48f81bfc4461566ca90250127007b1bfeae15b0e7bc8671eeac75f7c4bad80
SHA512

7b14d2a60f0a29291c04de5af7e7c73b82df59d0d7eadd39b5aa25849025a4dd46affb9fe2eb037d0ee059f42c817ee1aaf86ef48a553964a6b1037b117d3068
SSDEEP

3072:ncjh0tyfwRKDTLEc7Tx6VmRrp65WWs5k+iUqMPQR8NGp5sivL:OmQ1XL5Tv765Wz6+U0Q6NF8

Score

10^/10

emotet epoch4 banker macro macro_on_action trojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

164.68.99.3:8080

164.90.222.65:443

186.194.240.217:443

1.234.2.232:8080

103.75.201.2:443

187.63.160.88:80

147.139.166.154:8080

91.207.28.33:8080

5.135.159.50:443

153.92.5.27:8080

213.239.212.5:443

103.43.75.120:443

159.65.88.10:8080

167.172.253.162:8080

153.126.146.25:7080

119.59.103.152:8080

107.170.39.149:8080

183.111.227.137:8080

159.89.202.34:443

110.232.117.186:8080

eck1.plain

ecs1.plain

Targets

- Target
  
  invio.doc
- Size
  
  512.3MB
- MD5
  
  b8f2e6550dcb9fc6e361a4c3b524d105
- SHA1
  
  ba73d91eca761ec01ed8e836f853221cc2321e79
- SHA256
  
  30eba819cc525b6dd03264c1bcbd79c7de436ecb39fcfcca7ef4802437c6158d
- SHA512
  
  a2a89b1c79b08547c27f0bbc27994da6fbec2a455c69b112057e1106fe8e594fcb96cab5353b9a3eac77a8221409bf8c24748ab2b315c367e1af8228186038c5
- SSDEEP
  
  6144:jkmCUX1RauEA55axdWFyDDIqqmbwbLUW:omC7uz552AFZqXbwbA
Score

10^/10

emotet epoch4 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Loads dropped DLL
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macromacro_on_action

behavioral1

emotetepoch4bankertrojan