emotet

Sharing

Copy URL

Twitter E-mail

General

Target

2023-03-17-Emotet-malware-samples.zip
Size

4.8MB
Sample

230327-jkyv3aed5y
MD5

8af138cf4f2e730d4e9249e0dc755c07
SHA1

054cfa0f33768206b2557b092a0e87ae0163a2db
SHA256

239ef6d53cade1d87bbe2407b8d78ce99e094147877da0de499322ab7dfc6b2b
SHA512

fc698c732d91f1987e4dfd82ff645a0b69f3aeb7786836ffdcbc948c00455a2cb90381bffaac516cc6afcbd31e3308dd4cd8ef4ef95c797cc6fe741f78598055
SSDEEP

98304:jCrQ+7L5ioBhKtOXGhFXDNE7+FxNGEtPAdZ9Km/WkzqbZh:20+7UoGOWhDi+zNGuYre5h

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch5

103.85.95.4:8080

103.224.241.74:8080

178.238.225.252:8080

37.59.103.148:8080

78.47.204.80:443

138.197.14.67:8080

128.199.242.164:8080

54.37.228.122:443

37.44.244.177:8080

139.59.80.108:8080

218.38.121.17:443

82.98.180.154:7080

114.79.130.68:443

159.65.135.222:7080

174.138.33.49:7080

195.77.239.39:8080

193.194.92.175:443

198.199.70.22:8080

85.214.67.203:8080

93.84.115.205:7080

ecs1.plain

eck1.plain

Targets

- Target
  
  2023-03-17-Emotet-malware-samples.zip
- Size
  
  4.8MB
- MD5
  
  8af138cf4f2e730d4e9249e0dc755c07
- SHA1
  
  054cfa0f33768206b2557b092a0e87ae0163a2db
- SHA256
  
  239ef6d53cade1d87bbe2407b8d78ce99e094147877da0de499322ab7dfc6b2b
- SHA512
  
  fc698c732d91f1987e4dfd82ff645a0b69f3aeb7786836ffdcbc948c00455a2cb90381bffaac516cc6afcbd31e3308dd4cd8ef4ef95c797cc6fe741f78598055
- SSDEEP
  
  98304:jCrQ+7L5ioBhKtOXGhFXDNE7+FxNGEtPAdZ9Km/WkzqbZh:20+7UoGOWhDi+zNGuYre5h
Score

1^/10
behavioral1
- Target
  
  01-attachments-3-examples/A 2618033.zip
- Size
  
  717KB
- MD5
  
  581709f6d99126b05d3cfd3e88a07438
- SHA1
  
  5cf5cff07e700adcec8fb7a0696a7db524a40a30
- SHA256
  
  1858af1beb761e5763bd2af55e4e3ccc3c48064061ab36805f405ed8162a3dc8
- SHA512
  
  da515d78458f629ed6e52dd0ac8af3c876b1d7eff053113f032f1781b31f24f5e42b7c28b785e1511844826c3793bcc5b5fdc197cbb68939db5a008a1ef69804
- SSDEEP
  
  3072:eSgWiG5Z++yxJU4djtxx0SA0cEaEwj5hsXk6h4x3OOPi+RA5KYncoJMb:eSXvl4djtxx0ucEaHiXkllOU9o/Ab
Score

1^/10
behavioral2
- Target
  
  A 2618033.doc
- Size
  
  546.3MB
- MD5
  
  426605dcab3d0984594354b775aa9906
- SHA1
  
  6d6fd88c1ada6675141aa1f41e17db7f2a0bbd3f
- SHA256
  
  76bf34f1085973786f6e62ebb0d1aa900519dfe9cd64ee82ebda62ca35bc7080
- SHA512
  
  314dd9444d08fcda2fb6d08ef6ce17e98f545ce312470446090101ed17d813bb19ea2e007804235ba708d0b0518a4d8c2b31e9e2b4c816effa9612896f73deb4
- SSDEEP
  
  6144:ip32/gDd0Nmt71wFmSWjfDrV8YQnZocbyrX4NqclWL9:ip32SEmtJwFmhjfPtrXqqyW
Score

10^/10

emotet epoch5 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Downloads MZ/PE file
- Loads dropped DLL
behavioral3
- Target
  
  01-attachments-3-examples/Message 167168370508.one
- Size
  
  293KB
- MD5
  
  b951629aedffbabc180ee80f9725f024
- SHA1
  
  73c17369f2c4e3ce36d4f8917d011dde9a26eb07
- SHA256
  
  a43e0864905fe7afd6d8dbf26bd27d898a2effd386e81cfbc08cae9cf94ed968
- SHA512
  
  108efb4b68175a4f98f6153c6c88401255119b41ce7cf4224c571c587c3e4a145af1f999feb7dd9e2fe37324aae09cd367a3100c2d997c8836cf3120e395da29
- SSDEEP
  
  3072:Q7pvc2vetOepE76wtghUVkJlD1HUjCu/tewu4UhKg+012FYrQAwNLhbrUzJr9EQ3:Q1veXwtVElijRcwuzKg+NAw3bI/Z+9mX
Score

1^/10
behavioral4
- Target
  
  01-attachments-3-examples/Untitled_608.zip
- Size
  
  706KB
- MD5
  
  6bd243b17185f5519f58a5bb7cad92c1
- SHA1
  
  84153674b861bb180f12d18a3c8559351fddca73
- SHA256
  
  c14df890baae1c81d9ca06765e776c4e3003cee0b3aabfbb9c1992c4c903d48d
- SHA512
  
  ec464ef087ff002475fd2b860f40ba1e9e70f4e688ed4264f5eb8a7a3a2f9a29238d6c200e4c9156a4b4b34fc2e385d2ca74f9240d8f925c4c9da54fcd145cf9
- SSDEEP
  
  6144:UP/mYiuwND6sXVrg561q/bqdjn4qwZwBg:GMhtV8Q1q/bCr4qwZog
Score

1^/10
behavioral5
- Target
  
  02-embedded-JS-file-from-OneNote-doc/output1.js
- Size
  
  124KB
- MD5
  
  9e346695bbc4291bc769f98be9e6a5e9
- SHA1
  
  3396a0f6e6270e798fadae572d1a914ebbbcd944
- SHA256
  
  f25f69c71066b18364cd405ae80048a8b615c4b0f2cc4cb51b916ef08ba246db
- SHA512
  
  60f9fe65730a3341d6147669b8dde56f0055b7e05f8150de4a3f316d8eeab22c5094dc70e252bd6667189fa28649a404a51deb8e92e4044d4a9d196bba1921cf
- SSDEEP
  
  1536:ytFYr16AwN5dh/CFK1rUBp2jH3p3mXjSVjPejWuSeZ7kZocYEpa4G2LJ0H/E+lua:QFYrQAwNLhbrUzJr9EQB1x3W9GHV
Score

8^/10
- Blocklisted process makes network request
behavioral6
- Target
  
  03-downloaded-zips-with-inflated-Emote-DLLs-4-examples/6AfEa8G0W8NOtUh7hqFj.zip
- Size
  
  838KB
- MD5
  
  62c2bee7cd48bcf468d73999e67aae9b
- SHA1
  
  2a4a230e12f65e3741d8f8f364fbe31aba5f7147
- SHA256
  
  c463fa42ee091a310f67cbb7e8462775b8d531d272a9b846af7184d81d8c9676
- SHA512
  
  0562f43eb1fb91f32fd5503baa7d3cdcf7649c350319d0f8d10e0d4be64955a34d7df312f112e43297f87c3e390927077406b2a001164ce7251b58ed3e9163ae
- SSDEEP
  
  6144:GA/fqQLsh2uoOObj+gmM424czDPECwRAc7cDA08yuMol3Y:X/fqmm2sObC7ezET7vh73Y
Score

1^/10
behavioral7
- Target
  
  03-downloaded-zips-with-inflated-Emote-DLLs-4-examples/Ac8wwulKxqZjc.zip
- Size
  
  807KB
- MD5
  
  e829fd1ab215be4a915946926baf0744
- SHA1
  
  0761e5f38d9437f25af9e3f3d6cc7f6a95d675b3
- SHA256
  
  3f1d493543a2c67c1ff132653796a014f15320b499d2246e9806e3064b35557f
- SHA512
  
  e7f0851cb11a473967524a64c5d1b098a4d341c7096467e5fd863ce2dfdd9f162e0a34388e7e303af749c3c570c8898206c2ed7867ba2902bfb50c251c71097b
- SSDEEP
  
  6144:sA/fqQLsh2uoOObj+gmM424czDPECwRAc7cDA08yuMol3p:B/fqmm2sObC7ezET7vh73p
Score

1^/10
behavioral8
- Target
  
  03-downloaded-zips-with-inflated-Emote-DLLs-4-examples/O1uPzXd2YscA.zip
- Size
  
  811KB
- MD5
  
  2f56a13efc346438a275f675f9cbe794
- SHA1
  
  bb50faf6091e39b9d8ba9048dae965bbdec2c4df
- SHA256
  
  437f0dce73d03e764e346dee98bb44c6111766897c2fd085c8c1c5457988818e
- SHA512
  
  b74793a378365f98fe4cdab8a3742fedbe3daf7c858ebb40f9a1d11fa93dbc881bf5f027e064444703d8fd068aa1b895d16629f7dfcba757ddc60ee9008df9d4
- SSDEEP
  
  6144:mA/fqQLsh2uoOObj+gmM424czDPECwRAc7cDA08yuMol3l:3/fqmm2sObC7ezET7vh73l
Score

1^/10
behavioral9
- Target
  
  03-downloaded-zips-with-inflated-Emote-DLLs-4-examples/TKK8yKdEvyYAbBE5avb.zip
- Size
  
  850KB
- MD5
  
  fe55a6c6d8c858916984d55a14cafb5b
- SHA1
  
  2da064c668253cf3c3d08cbda40bef0f71555404
- SHA256
  
  7ac3a5ac20d268c44e3361fe67d9360b88df8bf3d7e250b5ef13a8bf108e396e
- SHA512
  
  7be8b6ef7370cfa52130686b66a26eb8ac932791762eb2970189ba36c4932da923ba7ad263f877e1f96a9da5317a6190b40d6146878a693be67b78a731ab59a0
- SSDEEP
  
  6144:LA/fqQLsh2uoOObj+gmM424czDPECwRAc7cDA08yuMol3N:k/fqmm2sObC7ezET7vh73N
Score

1^/10
behavioral10

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Downloads MZ/PE file

Loads dropped DLL

Blocklisted process makes network request

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10