General

  • Target

    Docs_5febafdc1237b313e8bf61a859e9cc1b.23

  • Size

    184KB

  • Sample

    191217-l4dzdr3yej

  • MD5

    5febafdc1237b313e8bf61a859e9cc1b

  • SHA1

    67650e1c8df21a94c609bc2f2c534ba139566308

  • SHA256

    08b709f398ab7ea30a222547a53b8ba3d83227df8d1b710f305c7c9ef5242bc6

  • SHA512

    25b0f83b32b00c1f7617981912735048349799d14e5215ed1322e9cded16b25ec6a6fb25d468c272d143f3e5e15162adcea7c76c869d24a0440a34b1ffaaa8c1

Malware Config

Extracted

  • Language

    ps1

  • Source

    (not recorded on the page)

  • URLs

    exe.dropper: http://amstaffrecords.com/individualApi/0/

    exe.dropper: http://foozoop.com/wp-content/Qxi7iVD/

    exe.dropper: http://7arasport.com/validatefield/gj/

    exe.dropper: http://dev2.ektonendon.gr/cgi-bin/mTTCFmVe/

    exe.dropper: https://diagnostica-products.com/wp-admin/hio2u7w/

Extracted

  • Family

    emotet

  • Botnet

    Epoch2

  • C2

    173.247.19.238:80

    174.81.132.128:80

    211.44.35.111:80

    165.227.156.155:443

    167.99.105.223:7080

    67.225.179.64:8080

    176.31.200.130:8080

    104.131.11.150:8080

    68.118.26.116:80

    190.226.44.20:21

    120.150.246.241:80

    92.222.216.44:8080

    73.214.99.25:80

    110.142.38.16:80

    24.93.212.32:80

    190.53.135.159:21

    66.209.97.122:8080

    173.91.11.142:80

    100.14.117.137:80

    2.237.76.249:80

  • rsa_pubkey.plain

Targets

    • Target

      Docs_5febafdc1237b313e8bf61a859e9cc1b.23

    • Size

      184KB

    • MD5

      5febafdc1237b313e8bf61a859e9cc1b

    • SHA1

      67650e1c8df21a94c609bc2f2c534ba139566308

    • SHA256

      08b709f398ab7ea30a222547a53b8ba3d83227df8d1b710f305c7c9ef5242bc6

    • SHA512

      25b0f83b32b00c1f7617981912735048349799d14e5215ed1322e9cded16b25ec6a6fb25d468c272d143f3e5e15162adcea7c76c869d24a0440a34b1ffaaa8c1

    • Score

      10/10

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks