Overview

overview

10

Static

static

3

ExeFile (145).exe

windows7-x64

10

ExeFile (145).exe

windows10-2004-x64

10

Analysis

  • max time kernel
    137s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-08-2024 14:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ExeFile (145).exe

  • Size

    848KB

  • MD5

    ceb9996a65f83ca779def540aab57603

  • SHA1

    c64234fdc6bdaf57a3726cdf5e7a7ae31aa40af4

  • SHA256

    0e09441ba2045262709dcc48792a770437b44ec1ab6ecef040a87e0853e2db16

  • SHA512

    d5931d8cc48382addabc374db92d50b1df6ec623aefb27f0b8b8fc338c1cd2b6102c406874436336f97aa37ce681aad7eef42137670d883c59e1323a7b2e3585

  • SSDEEP

    6144:/TaQZdJnaB1kNO9FSm9tc6c6c6c6c6c6c6c6c6csImOksMWNIDK:/GQfJuFrz7

Score
10/10
emotetepoch2bankerdiscoverytrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

67.68.210.95:80

162.241.242.173:8080

45.55.36.51:443

45.55.219.163:443

68.188.112.97:80

46.105.131.79:8080

78.24.219.147:8080

37.70.8.161:80

153.232.188.106:80

209.141.54.221:8080

203.117.253.142:80

152.168.248.128:443

93.147.212.206:80

24.137.76.62:80

189.212.199.126:443

204.197.146.48:80

137.119.36.33:80

185.94.252.104:443

139.130.242.43:80

203.153.216.189:7080
rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ExeFile (145).exe
    "C:\Users\Admin\AppData\Local\Temp\ExeFile (145).exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:3828

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3828-2-0x0000000002460000-0x000000000246C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3828-0-0x00000000006E0000-0x00000000006E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3828-1-0x0000000000730000-0x0000000000739000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3828-6-0x0000000002460000-0x000000000246C000-memory.dmp

    Filesize

    48KB

    Download