emotet | 6e6863e6018246db2bb8627be486e15891fafa1ff2bc0bef1eacae5ab2fb7208 | Triage

Submit
Reports

Overview

overview

Static

static

3

6e6863e601...08.dll

windows11-21h2-x64

Resubmissions

02-03-2024 10:08

240302-l6fygscf63 10

01-03-2024 07:38

240301-jgfkbaee22 10

Sharing

General

Target

6e6863e6018246db2bb8627be486e15891fafa1ff2bc0bef1eacae5ab2fb7208
Size

642KB
Sample

240302-l6fygscf63
MD5

dc6d5b9adffd41177c17e0a3d67c6928
SHA1

1f8d5c603c8c0babd0bb4a70185ddbbeb0b57494
SHA256

6e6863e6018246db2bb8627be486e15891fafa1ff2bc0bef1eacae5ab2fb7208
SHA512

472c9e421b138c761a8616f8eb59ca61de86f85bc413889b4df64613206b6f7c55249d8192c8f22929b4a9ebf929e99c63698d3612baf2b344893352cbc3967c
SSDEEP

12288:SKErLbWywuqBlzeWJsc4guGuLfGqM6AhPoTVHeo0Wq7giXg:SK8EuqLzeWeKupLlM6MwTfq7

Score

10^/10

emotet epoch5 banker discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6e6863e6018246db2bb8627be486e15891fafa1ff2bc0bef1eacae5ab2fb7208.dll

Resource

win11-20240221-en

emotet epoch5 banker discovery trojan

windows11-21h2-x64

23 signatures

1800 seconds

Malware Config

Extracted

Family

emotet

Botnet

Epoch5

C2

45.138.98.34:80

69.16.218.101:8080

51.210.242.234:8080

185.148.168.220:8080

142.4.219.173:8080

54.38.242.185:443

191.252.103.16:80

104.131.62.48:8080

62.171.178.147:8080

217.182.143.207:443

168.197.250.14:80

37.44.244.177:8080

66.42.57.149:443

210.57.209.142:8080

159.69.237.188:443

116.124.128.206:8080

128.199.192.135:8080

195.154.146.35:443

185.148.168.15:8080

195.77.239.39:8080

207.148.81.119:8080

85.214.67.203:8080

190.90.233.66:443

78.46.73.125:443

78.47.204.80:443

37.59.209.141:8080

54.37.228.122:443

eck1.plain

ecs1.plain

Targets

- Target
  
  6e6863e6018246db2bb8627be486e15891fafa1ff2bc0bef1eacae5ab2fb7208
- Size
  
  642KB
- MD5
  
  dc6d5b9adffd41177c17e0a3d67c6928
- SHA1
  
  1f8d5c603c8c0babd0bb4a70185ddbbeb0b57494
- SHA256
  
  6e6863e6018246db2bb8627be486e15891fafa1ff2bc0bef1eacae5ab2fb7208
- SHA512
  
  472c9e421b138c761a8616f8eb59ca61de86f85bc413889b4df64613206b6f7c55249d8192c8f22929b4a9ebf929e99c63698d3612baf2b344893352cbc3967c
- SSDEEP
  
  12288:SKErLbWywuqBlzeWJsc4guGuLfGqM6AhPoTVHeo0Wq7giXg:SK8EuqLzeWeKupLlM6MwTfq7
Score

10^/10

emotet epoch5 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

emotetepoch5bankerdiscoverytrojan

© 2018-2024

Terms | Privacy