Overview

overview

10

task1

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0cb2a47b8a242f3946499d0a6460bbc5cec7fcff246c1c3b6d9c3981e602dd7d

  • Size

    196KB

  • Sample

    191218-74hczg7qv2

  • MD5

    7d55fd6b3351da7823ae1aafec63db91

  • SHA1

    fadeca00815740486e27879b67bd0b44680416b5

  • SHA256

    0cb2a47b8a242f3946499d0a6460bbc5cec7fcff246c1c3b6d9c3981e602dd7d

  • SHA512

    44e2d9e2ae70cb425817bcb5897652a6abbcfb3c76fa29d1cd6d132f5f995fc7c9a2ff06805bc4429c986028d019deda01b72809f6f0dcb4b387b4a229e48da3

Score
10/10
emotetepoch2bankertrojan

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://salvacodina.com/wp-admin/qWYFrK/
exe.dropper

http://serviska.com/show_cat3/lKzElbNb/
exe.dropper

https://bar-ola.com/wp-admin/KIdh35kENT/
exe.dropper

http://rinani.com/wp-includes/FFkV/
exe.dropper

https://wowmotions.com/wp-admin/A8LwzwQ/

Extracted

Family

emotet

Botnet

Epoch2

C2

173.247.19.238:80

174.81.132.128:80

211.44.35.111:80

165.227.156.155:443

167.99.105.223:7080

67.225.179.64:8080

176.31.200.130:8080

104.131.11.150:8080

68.118.26.116:80

190.226.44.20:21

120.150.246.241:80

92.222.216.44:8080

73.214.99.25:80

110.142.38.16:80

24.93.212.32:80

190.53.135.159:21

66.209.97.122:8080

173.91.11.142:80

100.14.117.137:80

2.237.76.249:80
rsa_pubkey.plain

Targets

    • Target

      0cb2a47b8a242f3946499d0a6460bbc5cec7fcff246c1c3b6d9c3981e602dd7d

    • Size

      196KB

    • MD5

      7d55fd6b3351da7823ae1aafec63db91

    • SHA1

      fadeca00815740486e27879b67bd0b44680416b5

    • SHA256

      0cb2a47b8a242f3946499d0a6460bbc5cec7fcff246c1c3b6d9c3981e602dd7d

    • SHA512

      44e2d9e2ae70cb425817bcb5897652a6abbcfb3c76fa29d1cd6d132f5f995fc7c9a2ff06805bc4429c986028d019deda01b72809f6f0dcb4b387b4a229e48da3

    Score
    10/10
    trojanbankeremotet

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails

      trojanbankeremotet

    • Executes dropped EXE

    task1

MITRE ATT&CK Enterprise v6

Tasks