Overview

overview

10

Static

static

3

ee8ebbb6ac...0N.exe

windows7-x64

10

ee8ebbb6ac...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ee8ebbb6ac053e7aa73615709471d7c0N.exe

  • Size

    368KB

  • Sample

    240907-ca61cszbnc

  • MD5

    ee8ebbb6ac053e7aa73615709471d7c0

  • SHA1

    9e226823d35f7759b29e6b2f9dc9f500e8c59559

  • SHA256

    bef877a17e09a39d5818dd22362266ddb23390603df271c5e846d1d7e1c9119d

  • SHA512

    f869dce6692f26934cf66067b6e24d425f298b4003225f7dec54563caa27f1923f5ec33ad9da50f49e2f86fcc8a876ef2a40b9862c1c4d890b3143846d3baaac

  • SSDEEP

    6144:HzoTjUrx4KVHa9eUfTLHy2VrH0D+wieIyl7lT2IcO/wksAPJLzx:ToCHVcjZwieL7l6i/wi

Score
10/10
emotetepoch2bankerdiscoverytrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

200.116.145.225:443

96.126.101.6:8080

5.196.108.185:8080

167.114.153.111:8080

194.187.133.160:443

98.174.164.72:80

103.86.49.11:8080

78.24.219.147:8080

50.245.107.73:443

110.145.77.103:80

94.200.114.161:80

61.19.246.238:443

194.4.58.192:7080

209.54.13.14:80

102.182.93.220:80

46.105.131.79:8080

142.112.10.95:20

186.70.56.94:443

203.153.216.189:7080

49.50.209.131:80
rsa_pubkey.plain

Targets

    • Target

      ee8ebbb6ac053e7aa73615709471d7c0N.exe

    • Size

      368KB

    • MD5

      ee8ebbb6ac053e7aa73615709471d7c0

    • SHA1

      9e226823d35f7759b29e6b2f9dc9f500e8c59559

    • SHA256

      bef877a17e09a39d5818dd22362266ddb23390603df271c5e846d1d7e1c9119d

    • SHA512

      f869dce6692f26934cf66067b6e24d425f298b4003225f7dec54563caa27f1923f5ec33ad9da50f49e2f86fcc8a876ef2a40b9862c1c4d890b3143846d3baaac

    • SSDEEP

      6144:HzoTjUrx4KVHa9eUfTLHy2VrH0D+wieIyl7lT2IcO/wksAPJLzx:ToCHVcjZwieL7l6i/wi

    Score
    10/10
    emotetepoch2bankerdiscoverytrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Emotet payload

      Detects Emotet payload in memory.

      trojanbanker

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks