Overview

overview

10

Static

static

1

xpng5kkgI.dll

windows7-x64

10

xpng5kkgI.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    xpng5kkgI.dll

  • Size

    348KB

  • Sample

    230630-p3wfjsdf9z

  • MD5

    dca3f0a3eecf16ac4b72615d712112e9

  • SHA1

    909870e8ea76626fbe13e2c960560c2a165bd102

  • SHA256

    b5abacf24ae5aa96016c09f71a78d0121fff396d6154740eab622c4751e1764f

  • SHA512

    4bb8558e76f78b1078526952420789552930119fff8a8163d86e809186bcc7f2d2b78ee1475bc2d143648a1e890da841f0dd24704a3a1b93783b686cd95dd510

  • SSDEEP

    3072:oa99Ky1S0SD8MHjO73Ba01/H/7FlwZ2RJJBvX+WUEAQbb:oaGy1nS8MHi7xai73JtkWUEAKb

Score
10/10
emotetepoch1bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

181.10.46.92:80

2.58.16.88:8080

206.189.232.2:8080

178.250.54.208:8080

167.71.148.58:443

202.134.4.210:7080

187.162.248.237:80

78.206.229.130:80

85.214.26.7:8080

5.196.35.138:7080

1.226.84.243:8080

110.39.162.2:443

185.183.16.47:80

152.231.89.226:80

138.97.60.141:7080

94.176.234.118:443

46.101.58.37:8080

93.146.143.191:80

70.32.84.74:8080

137.74.106.111:7080
rsa_pubkey.plain

Targets

    • Target

      xpng5kkgI.dll

    • Size

      348KB

    • MD5

      dca3f0a3eecf16ac4b72615d712112e9

    • SHA1

      909870e8ea76626fbe13e2c960560c2a165bd102

    • SHA256

      b5abacf24ae5aa96016c09f71a78d0121fff396d6154740eab622c4751e1764f

    • SHA512

      4bb8558e76f78b1078526952420789552930119fff8a8163d86e809186bcc7f2d2b78ee1475bc2d143648a1e890da841f0dd24704a3a1b93783b686cd95dd510

    • SSDEEP

      3072:oa99Ky1S0SD8MHjO73Ba01/H/7FlwZ2RJJBvX+WUEAQbb:oaGy1nS8MHi7xai73JtkWUEAKb

    Score
    10/10
    emotetepoch1bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks