emotet | 002d5fc16b4a7fb22d6c18a706774d12de50658f936116f0f8842b4e0c47bede

Analysis

max time kernel
30s
max time network
32s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19-05-2023 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

002d5fc16b4a7fb22d6c18a706774d12de50658f936116f0f8842b4e0c47bede.exe
Size

216KB
MD5

d8d3349451145cc1f5bd111e1d599594
SHA1

de4df787916ef5902eed7fcbece0db5169cdd20f
SHA256

002d5fc16b4a7fb22d6c18a706774d12de50658f936116f0f8842b4e0c47bede
SHA512

e76236d1cdc7300e0eb28b97ad0468c701bf3c1ccfb6c0adb2408d3c852e2579b1b8213ba2f4e5eeace1a0d81534dea4db6f2f5c93b721f0d2044a33136a954f
SSDEEP

6144:RntoY1FllBLC5p3Y4hd1+S3NdQBE8klubGoU:RtoY1FllBiNY4hdsS9v8kMU

Score

10^/10

emotet epoch2 banker trojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

67.163.161.107:80

107.170.146.252:8080

173.212.214.235:7080

167.114.153.111:8080

185.94.252.104:443

110.142.236.207:80

194.187.133.160:443

218.147.193.146:80

172.104.97.173:8080

216.139.123.119:80

50.91.114.38:80

202.134.4.211:8080

113.61.66.94:80

139.99.158.11:443

62.171.142.179:8080

37.139.21.175:8080

190.108.228.27:443

94.23.237.171:443

154.91.33.137:443

201.241.127.190:80

rsa_pubkey.plain

Signatures

Emotet
Emotet is a trojan that is primarily spread through spam emails.
trojan banker emotet

Emotet payload 3 IoCs

Detects Emotet payload in memory.

trojan banker

Processes:

resource	yara_rule
behavioral2/memory/1184-133-0x0000000000A40000-0x0000000000A60000-memory.dmp	emotet
behavioral2/memory/1184-137-0x0000000002080000-0x000000000209E000-memory.dmp	emotet
behavioral2/memory/1184-142-0x0000000000A20000-0x0000000000A3D000-memory.dmp	emotet

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

002d5fc16b4a7fb22d6c18a706774d12de50658f936116f0f8842b4e0c47bede.exe

pid	process
1184	002d5fc16b4a7fb22d6c18a706774d12de50658f936116f0f8842b4e0c47bede.exe
1184	002d5fc16b4a7fb22d6c18a706774d12de50658f936116f0f8842b4e0c47bede.exe
1184	002d5fc16b4a7fb22d6c18a706774d12de50658f936116f0f8842b4e0c47bede.exe
1184	002d5fc16b4a7fb22d6c18a706774d12de50658f936116f0f8842b4e0c47bede.exe
1184	002d5fc16b4a7fb22d6c18a706774d12de50658f936116f0f8842b4e0c47bede.exe
1184	002d5fc16b4a7fb22d6c18a706774d12de50658f936116f0f8842b4e0c47bede.exe
1184	002d5fc16b4a7fb22d6c18a706774d12de50658f936116f0f8842b4e0c47bede.exe
1184	002d5fc16b4a7fb22d6c18a706774d12de50658f936116f0f8842b4e0c47bede.exe

C:\Users\Admin\AppData\Local\Temp\002d5fc16b4a7fb22d6c18a706774d12de50658f936116f0f8842b4e0c47bede.exe
"C:\Users\Admin\AppData\Local\Temp\002d5fc16b4a7fb22d6c18a706774d12de50658f936116f0f8842b4e0c47bede.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1184-133-0x0000000000A40000-0x0000000000A60000-memory.dmp

Filesize
128KB

Download
memory/1184-137-0x0000000002080000-0x000000000209E000-memory.dmp

Filesize
120KB

Download
memory/1184-142-0x0000000000A20000-0x0000000000A3D000-memory.dmp

Filesize
116KB

Download