emotet

General

Target

Fattura2889523.one
Size

262KB
Sample

230323-gme5madh47
MD5

c6c2985c6ccff177ba290fff9b71603d
SHA1

cd2d799901468397d2115d767b858552310a41b6
SHA256

bc3a2524ef2abc9cf4411ed52a7b7b4d26a7a002fbab5237c5ce40f7e3b84558
SHA512

02d1998490e50b94fe3634abb5f0b77cb285ee32319b13a6a6f83641df87b0cbc059730b5dfd1972d89b315bef47378fe3b1135f9b2a17cc7c6b7e10105eae1b
SSDEEP

3072:kNjcvQx377FjDDRX4UzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWa3:kmvQp1DRXKXm5ZGa3vRXm5ZGa3vuVs

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

213.239.212.5:443

129.232.188.93:443

103.43.75.120:443

197.242.150.244:8080

1.234.2.232:8080

110.232.117.186:8080

95.217.221.146:8080

159.89.202.34:443

159.65.88.10:8080

82.223.21.224:8080

169.57.156.166:8080

45.176.232.124:443

45.235.8.30:8080

173.212.193.249:8080

107.170.39.149:8080

119.59.103.152:8080

167.172.199.165:8080

91.207.28.33:8080

185.4.135.165:8080

104.168.155.143:8080

eck1.plain

ecs1.plain

Targets

- Target
  
  Fattura2889523.one
- Size
  
  262KB
- MD5
  
  c6c2985c6ccff177ba290fff9b71603d
- SHA1
  
  cd2d799901468397d2115d767b858552310a41b6
- SHA256
  
  bc3a2524ef2abc9cf4411ed52a7b7b4d26a7a002fbab5237c5ce40f7e3b84558
- SHA512
  
  02d1998490e50b94fe3634abb5f0b77cb285ee32319b13a6a6f83641df87b0cbc059730b5dfd1972d89b315bef47378fe3b1135f9b2a17cc7c6b7e10105eae1b
- SSDEEP
  
  3072:kNjcvQx377FjDDRX4UzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWa3:kmvQp1DRXKXm5ZGa3vRXm5ZGa3vuVs
Score

10^/10

emotet epoch4 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2