Overview

overview

10

Static

static

3

05152199.exe

windows7-x64

10

05152199.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-06-2023 13:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05152199.exe

  • Size

    476KB

  • MD5

    eee26360b545f361c7be6e3b985f6280

  • SHA1

    deb667ee1add1d0f28471167646a039a16b7aa38

  • SHA256

    00019c64866c9276b8fc48d4af8ea599437e31d8b8cf93bbd84d1a363507e3fd

  • SHA512

    888fa2111699f971cb950af9f8a07afc127d310ad7a9472976e408e63b3acd21b600c8afb4cac06d761dad0be5d43c7c2d01b17b78614cc80094812357156fc4

  • SSDEEP

    12288:ltcirHJcDRjVuC23qDBLcmacsitPbD5bZ4zc:LwuC23qD5vft

Score
10/10
emotetepoch1bankerdavetrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

188.157.101.114:80

192.175.111.214:8080

95.85.33.23:8080

192.232.229.54:7080

181.30.61.163:443

186.70.127.199:8090

200.127.14.97:80

70.169.17.134:80

24.232.228.233:80

172.104.169.32:8080

50.28.51.143:8080

177.73.0.98:443

149.202.72.142:7080

37.187.161.206:8080

202.29.239.162:443

213.197.182.158:8080

202.134.4.210:7080

190.24.243.186:80

201.213.177.139:80

105.209.235.113:8080
rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet payload 3 IoCs

    Detects Emotet payload in memory.

    trojanbanker
  • Dave packer 1 IoCs

    Detects executable using a packer named 'Dave' by the community, based on a string at the end.

    dave
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05152199.exe
    "C:\Users\Admin\AppData\Local\Temp\05152199.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4628-133-0x00000000022A0000-0x00000000022BF000-memory.dmp
    Filesize

    124KB

    Download
  • memory/4628-137-0x00000000022C0000-0x00000000022DE000-memory.dmp
    Filesize

    120KB

    Download
  • memory/4628-142-0x0000000002270000-0x000000000228C000-memory.dmp
    Filesize

    112KB

    Download