General

  • Target

    Docs_fbff465d66a0eb834b052719a27f5ab1.11

  • Size

    185KB

  • Sample

    191217-3ctzt29npn

  • MD5

    fbff465d66a0eb834b052719a27f5ab1

  • SHA1

    b3df2b4c39487ed821a427921b5154d2c1a1df7c

  • SHA256

    6568a3a8206a6474f34f2f1d7a2951653070f60517ef2fb92c47d005bc4f7fbe

  • SHA512

    4d697f6ebad76bb03f689d118d247e8d49d9e9d5c6863aa57b65f2af655629368195274ac097fa8ab27321fdc83a51895181de16a436417dbb724e41de633b41

Malware Config

Extracted

Language
ps1
Source
URLs
Extracted

Family

emotet

Botnet

Epoch1

C2

rsa_pubkey.plain

Targets

    Score
    10/10
    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks