emotet

General

Target

491c00fdd923fa108534bd756d671604221dee6045876c38003a9608984c87fb.doc
Size

321KB
Sample

230321-3l8lfadg35
MD5

b6959d69ea9e910ef9845a747dbf4ec6
SHA1

db842a6f2c9a87016e9ad57e0eb247ba30929607
SHA256

491c00fdd923fa108534bd756d671604221dee6045876c38003a9608984c87fb
SHA512

49c9ec40b7a05a7a821f9fbea15b04666f959ef7a6a2521bf5e6384de25e1e0f72dd287849ad0ddc4c134b6db4d2c4b219cbd77ba9de9da83e37a3c101c2ecc0
SSDEEP

6144:5BmDosGlcH4WGDsxsefRA9mJpoiCam9K+7mlOCFu4:T0osG+gDsaoRRpoDaGfZyu

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

213.239.212.5:443

129.232.188.93:443

103.43.75.120:443

197.242.150.244:8080

1.234.2.232:8080

110.232.117.186:8080

95.217.221.146:8080

159.89.202.34:443

159.65.88.10:8080

82.223.21.224:8080

169.57.156.166:8080

45.176.232.124:443

45.235.8.30:8080

173.212.193.249:8080

107.170.39.149:8080

119.59.103.152:8080

167.172.199.165:8080

91.207.28.33:8080

185.4.135.165:8080

104.168.155.143:8080

eck1.plain

ecs1.plain

Targets

- Target
  
  491c00fdd923fa108534bd756d671604221dee6045876c38003a9608984c87fb.doc
- Size
  
  321KB
- MD5
  
  b6959d69ea9e910ef9845a747dbf4ec6
- SHA1
  
  db842a6f2c9a87016e9ad57e0eb247ba30929607
- SHA256
  
  491c00fdd923fa108534bd756d671604221dee6045876c38003a9608984c87fb
- SHA512
  
  49c9ec40b7a05a7a821f9fbea15b04666f959ef7a6a2521bf5e6384de25e1e0f72dd287849ad0ddc4c134b6db4d2c4b219cbd77ba9de9da83e37a3c101c2ecc0
- SSDEEP
  
  6144:5BmDosGlcH4WGDsxsefRA9mJpoiCam9K+7mlOCFu4:T0osG+gDsaoRRpoDaGfZyu
Score

10^/10

emotet epoch4 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2