Overview

overview

10

Static

static

8

emotet_v6

windows10-1703-x64

1

emotet_doc

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4a1c5cce6ca90d46a09229143ee1518e69740adfc91f12cc9bd6d8417b990deb

  • Size

    534.2MB

  • Sample

    230323-g2d6waea36

  • MD5

    3d36b417e14f84046bb07304a607f8b3

  • SHA1

    5631659f85614637a52ec29f7f125539e78d59e6

  • SHA256

    4a1c5cce6ca90d46a09229143ee1518e69740adfc91f12cc9bd6d8417b990deb

  • SHA512

    d997c05bca3b7b9457a5b16be46dc613cb8c9d4c8f20630f296f76d04d527ef000d9e0311dfec6839daecdd60eb5420e7f12a2fcea0cf328ae1ae231fb1770ee

  • SSDEEP

    3072:brrCtKZF4eqZ627NHRxMvOwvzpl+vk6jZc:5F4eqYwHMvfvzpKk6Nc

Score
10/10
emotetepoch4bankermacromacro_on_actiontrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

213.239.212.5:443

129.232.188.93:443

103.43.75.120:443

197.242.150.244:8080

1.234.2.232:8080

110.232.117.186:8080

95.217.221.146:8080

159.89.202.34:443

159.65.88.10:8080

82.223.21.224:8080

169.57.156.166:8080

45.176.232.124:443

45.235.8.30:8080

173.212.193.249:8080

107.170.39.149:8080

119.59.103.152:8080

167.172.199.165:8080

91.207.28.33:8080

185.4.135.165:8080

104.168.155.143:8080
eck1.plain
ecs1.plain

Targets

    • Target

      4a1c5cce6ca90d46a09229143ee1518e69740adfc91f12cc9bd6d8417b990deb

    • Size

      534.2MB

    • MD5

      3d36b417e14f84046bb07304a607f8b3

    • SHA1

      5631659f85614637a52ec29f7f125539e78d59e6

    • SHA256

      4a1c5cce6ca90d46a09229143ee1518e69740adfc91f12cc9bd6d8417b990deb

    • SHA512

      d997c05bca3b7b9457a5b16be46dc613cb8c9d4c8f20630f296f76d04d527ef000d9e0311dfec6839daecdd60eb5420e7f12a2fcea0cf328ae1ae231fb1770ee

    • SSDEEP

      3072:brrCtKZF4eqZ627NHRxMvOwvzpl+vk6jZc:5F4eqYwHMvfvzpKk6Nc

    Score
    10/10
    emotetepoch4bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks