emotet | 414490f54f9e9186994787ea78ad2c87b28a91c809900186287d6a822c285421 | Triage

Sharing

General

Target

f4a861a652131dfd0468ecc2650eb15e_JaffaCakes118
Size

140KB
Sample

240924-2wg1sstblf
MD5

f4a861a652131dfd0468ecc2650eb15e
SHA1

e620a19cc14f279c55845ae25ecda2e81c47873b
SHA256

414490f54f9e9186994787ea78ad2c87b28a91c809900186287d6a822c285421
SHA512

6a09839ca9848cef3b407471943ca39cf9d5abbfed44932f82d1b505a444f6893c403f49ce1fd6fd6391e6e124dfbdb31cdfc017ac2aa3b56acfca7a12b18b89
SSDEEP

1536:Swkhz81ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvadf+a9DZNfia:68GhDS0o9zTGOZD6EbzCd9via

Score

10^/10

emotet banker discovery execution macro trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://losistec.com/sipg4837

exe.dropper

http://kingsidedesign.com/SGJs3px

exe.dropper

http://martijngrimme.nl/iHhh9nAx

exe.dropper

http://dekormc.pl/pub/pUgp3e2xL

exe.dropper

http://kinebydesign.com/vRlkcmrBo

Targets

- Target
  
  f4a861a652131dfd0468ecc2650eb15e_JaffaCakes118
- Size
  
  140KB
- MD5
  
  f4a861a652131dfd0468ecc2650eb15e
- SHA1
  
  e620a19cc14f279c55845ae25ecda2e81c47873b
- SHA256
  
  414490f54f9e9186994787ea78ad2c87b28a91c809900186287d6a822c285421
- SHA512
  
  6a09839ca9848cef3b407471943ca39cf9d5abbfed44932f82d1b505a444f6893c403f49ce1fd6fd6391e6e124dfbdb31cdfc017ac2aa3b56acfca7a12b18b89
- SSDEEP
  
  1536:Swkhz81ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvadf+a9DZNfia:68GhDS0o9zTGOZD6EbzCd9via
Score

10^/10

emotet banker discovery execution trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

emotetbankerdiscoveryexecutiontrojan

behavioral2

emotetbankerexecutiontrojan