General

  • Target

    a173abf8a8a9f3775bc4f197652d1dd5d9271dd89ad1f317958ca152cc2ea6c0

  • Size

    178KB

  • Sample

    191212-tc25hhj14j

  • MD5

    372f920e6c97a6eaa15b1971171054f6

  • SHA1

    99a177ae2697b74fe5418d3f9640b8d75fd3f9f8

  • SHA256

    a173abf8a8a9f3775bc4f197652d1dd5d9271dd89ad1f317958ca152cc2ea6c0

  • SHA512

    61e5ad9f44e48b50a0ef15713121020495118442f4a5c718ab1c261890f91bb637c2e6d16640d67208c2e0c11a6830f740d82ffd7e501a0bbe2ac0a1667b5528

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    http://theaustinochuks.com/personal_array/kvrmif/

  • exe.dropper

    http://sarafifallahi.com/wp-admin/uUXtpLhI/

  • exe.dropper

    http://faustosarli.com/wp-admin/mYZW0/

  • exe.dropper

    http://janejahan.com/wp-content/hqiw1u9/

  • exe.dropper

    http://vikstory.ca/h/f2cgRvw/

Extracted

  • Family

    emotet

  • Botnet

    Epoch2

  • C2

    110.143.84.202:80
    75.80.148.244:80
    64.53.242.181:8080
    37.59.24.177:8080
    66.34.201.20:7080
    108.179.206.219:8080
    45.56.88.91:443
    206.189.112.148:8080
    211.63.71.72:8080
    178.210.51.222:8080
    92.186.52.193:80
    195.244.215.206:80
    2.38.99.79:80
    37.157.194.134:443
    206.81.10.215:8080
    80.21.182.46:80
    80.11.163.139:21
    190.56.255.118:80
    190.226.44.20:21
    173.70.81.77:80

  • rsa_pubkey.plain

Targets

    • Target

      a173abf8a8a9f3775bc4f197652d1dd5d9271dd89ad1f317958ca152cc2ea6c0

    • Size

      178KB

    • MD5

      372f920e6c97a6eaa15b1971171054f6

    • SHA1

      99a177ae2697b74fe5418d3f9640b8d75fd3f9f8

    • SHA256

      a173abf8a8a9f3775bc4f197652d1dd5d9271dd89ad1f317958ca152cc2ea6c0

    • SHA512

      61e5ad9f44e48b50a0ef15713121020495118442f4a5c718ab1c261890f91bb637c2e6d16640d67208c2e0c11a6830f740d82ffd7e501a0bbe2ac0a1667b5528

    • Score

      10/10

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails

    • Executes dropped EXE

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    Query Registry (T1012) 3
    System Information Discovery (T1082) 3

Tasks