Overview

overview

10

Static

static

3

5414383c87...0N.exe

windows7-x64

10

5414383c87...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    106s
  • max time network
    114s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-09-2024 00:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5414383c873052a717f07fb38bb9da70N.exe

  • Size

    838KB

  • MD5

    5414383c873052a717f07fb38bb9da70

  • SHA1

    de2d4ddcf83afc85e040b37a57a1fbb9ee0bf153

  • SHA256

    25ace8b21a2623874335e5280f8e37f707807038ec6d21f2dd565720c0365b6b

  • SHA512

    d3a4abc23a823985dae9f3ecb6586b9e0adc8ac0875ee419e1bfb0bb87b9f39b39c8132fd4ca6286d86fe433e0ede25f45d551384d17f41693dc78577d5c1753

  • SSDEEP

    12288:LqFtrjWILWe14XIl0txcuXr5kTewflT8CY+hO76PPFPcN1qWxOfc3O:mDjWIPErbSplT8CYctPe1pxOfc

Score
10/10
emotetepoch2bankerdiscoverytrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

24.178.90.49:80

96.126.101.6:8080

5.196.108.185:8080

167.114.153.111:8080

188.219.31.12:80

184.180.181.202:80

85.105.111.166:80

174.106.122.139:80

137.59.187.107:8080

185.94.252.104:443

142.112.10.95:20

102.182.93.220:80

75.188.96.231:80

93.147.212.206:80

120.150.218.241:443

87.106.139.101:8080

78.188.106.53:443

75.139.38.211:80

46.105.131.79:8080

168.235.67.138:7080
rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet payload 3 IoCs

    Detects Emotet payload in memory.

    trojanbanker
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5414383c873052a717f07fb38bb9da70N.exe
    "C:\Users\Admin\AppData\Local\Temp\5414383c873052a717f07fb38bb9da70N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1108

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1108-8-0x00000000022D0000-0x00000000022E6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1108-4-0x0000000002320000-0x0000000002337000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1108-0-0x00000000022F0000-0x0000000002308000-memory.dmp

    Filesize

    96KB

    Download