Simplifying Emotet analysis with Python and iced x86
Tags
attack-pattern:
- Data Indirect
- Malware - T1587.001
- Malware - T1588.001
- Powershell - T1059.001
- Python - T1059.006
- Rundll32 - T1218.011
- Software - T1592.002
- Powershell - T1086
- Rundll32 - T1085
Common Information
Type | Value |
---|---|
UUID | 96da80f8-a730-4def-8fbb-56141d8cb0a8 |
Fingerprint | cd995751ed6d4a46 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Dec. 31, 2020, midnight |
Added to db | Sept. 26, 2022, 9:30 a.m. |
Last updated | Nov. 17, 2024, 6:54 p.m. |
Headline | CERT-AGID Computer Emergency Response Team AGID |
Title | Simplifying Emotet analysis with Python and iced x86 |
Detected Hints/Tags/Attributes | 48/1/26 |
Source URLs
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 1 | | flowcontrol.call |
Details | Domain | 1 | | flowcontrol.next |
Details | Domain | 1 | | self.va |
Details | Domain | 1 | | 5-self.va |
Details | Domain | 48 | | pefile.pe |
Details | Domain | 3 | | exp.name |
Details | Domain | 1 | | conditioncode.ne |
Details | File | 1 | | ayvdaah.js |
Details | File | 5 | | b'.dat |
Details | File | 2 | | emotet.dll |
Details | File | 7 | | code.js |
Details | File | 1 | | proc.dll |
Details | File | 1 | | exports.json |
Details | File | 1 | | export.json |
Details | File | 1 | | code.mov |
Details | File | 2 | | opkind.reg |
Details | File | 1 | | decoders.key |
Details | File | 229 | | advapi32.dll |
Details | File | 83 | | crypt32.dll |
Details | File | 185 | | shell32.dll |
Details | File | 69 | | shlwapi.dll |
Details | File | 50 | | urlmon.dll |
Details | File | 37 | | userenv.dll |
Details | File | 146 | | wininet.dll |
Details | File | 1018 | | rundll32.exe |
Details | Windows Registry Key | 188 | | HKCU\Software\Microsoft\Windows\CurrentVersion\Run |