Overview

overview

10

Static

static

8

INVOICE N ...23.doc

windows7-x64

10

INVOICE N ...23.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    INVOICE BLA162 March 2023.zip

  • Size

    633KB

  • Sample

    230421-rdkzmafh68

  • MD5

    35a345263fccb89525db821fa18be7f8

  • SHA1

    757d2498aef18a1db5e5cc5af76673e405ca4e20

  • SHA256

    4adeca1bae060bc64f11af0d6a2bc6fdb43430f1f8ec62a4d1f9d8ae4fae1fe9

  • SHA512

    9a4266803f73786320e49c7d7a0bf6ba5bfe64579b1e25248616df560e0d41101a95d876fae4a69cbda08de983caf5e6063e8875dad6b4da25376108a9df1fbc

  • SSDEEP

    3072:51lsI//z4a/hGS0NclN3U8XKp5ZuoWkQQhl0GEzal3C0:512c/z4a5GLNIp1WMkd3tC0

Score
10/10
emotetepoch4bankermacromacro_on_actiontrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

164.68.99.3:8080

164.90.222.65:443

186.194.240.217:443

1.234.2.232:8080

103.75.201.2:443

187.63.160.88:80

147.139.166.154:8080

91.207.28.33:8080

5.135.159.50:443

153.92.5.27:8080

213.239.212.5:443

103.43.75.120:443

159.65.88.10:8080

167.172.253.162:8080

153.126.146.25:7080

119.59.103.152:8080

107.170.39.149:8080

183.111.227.137:8080

159.89.202.34:443

110.232.117.186:8080
eck1.plain
ecs1.plain

Targets

    • Target

      INVOICE N IJ952634 March 2023.doc

    • Size

      514.2MB

    • MD5

      569dd57886777d0e9aa72151ae32cf7d

    • SHA1

      8be53083637a60ee102d8e5fbb8fb0d7df33bab7

    • SHA256

      b63617eda3505c9ab6deb672f33ca196f508b6cd5eb1cc00ec5c2500a35c18a6

    • SHA512

      13c5f79efa16d93c4b0a8c5f7ff31aae5f4087d10254167e1b1359b7b8ed4f32e116e00fc97d31124345bbb5726371079b9216fd95c5768722daf0a8299ccbc6

    • SSDEEP

      3072:eoEW2aOtFjH0lP2IpjctfRcVVwEi/A8NVM1wIOCbX6bYLjWFJuvx7ueK6:ZE1aOtFa2I9c3aVw4zwxCbJ4Jup

    Score
    10/10
    emotetepoch4bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks