Overview

overview

10

Static

static

8

Documento.xlsm

windows7_x64

10

Documento.xlsm

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Documento.xlsm

  • Size

    209KB

  • Sample

    220224-prryzsdaa3

  • MD5

    5acc6f1ff8366ddc895392da4e6a50e3

  • SHA1

    45b3ef65a4dabdbbefec603fe3dca9bfb1c5c643

  • SHA256

    0bb184f9c3e9cda4571bd806b90dbda484c331d9dce7af784405fd211f6c71c4

  • SHA512

    dc1921d8e4c2a2496d1d44f4079e1518015aec4854eed6f7759136bc42b21e39305efc5285a9dd1ab846a73a6dbd04faa60489d0bfc38e00f416fd0ff443dc70

Score
10/10
emotetepoch4bankermacrotrojanxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://www.swaong.com/assets/VV4/

Extracted

Family

emotet

Botnet

Epoch4

C2

135.148.121.246:8080

213.190.4.223:7080

175.107.196.192:80

46.55.222.11:443

153.126.203.229:8080

138.185.72.26:8080

45.118.135.203:7080

107.182.225.142:8080

195.154.133.20:443

79.172.212.216:8080

129.232.188.93:443

50.30.40.196:8080

131.100.24.231:80

58.227.42.236:80

216.158.226.206:443

45.118.115.99:8080

51.254.140.238:7080

173.212.193.249:8080

110.232.117.186:8080

81.0.236.90:443
eck1.plain
ecs1.plain

Targets

    • Target

      Documento.xlsm

    • Size

      209KB

    • MD5

      5acc6f1ff8366ddc895392da4e6a50e3

    • SHA1

      45b3ef65a4dabdbbefec603fe3dca9bfb1c5c643

    • SHA256

      0bb184f9c3e9cda4571bd806b90dbda484c331d9dce7af784405fd211f6c71c4

    • SHA512

      dc1921d8e4c2a2496d1d44f4079e1518015aec4854eed6f7759136bc42b21e39305efc5285a9dd1ab846a73a6dbd04faa60489d0bfc38e00f416fd0ff443dc70

    Score
    10/10
    emotetepoch4bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks