General

  • Target

    ecc9db7e20004a8efd97edf7ccfbae92d66f42ca1d99ec8f7ef71e0131a96839

  • Size

    206KB

  • Sample

    191224-t97e5medbs

  • MD5

    edfa7fd58a85e069b7ace2af5ebbfc53

  • SHA1

    f5abb2cd415477b2615aae893cbde9319cb1ab79

  • SHA256

    ecc9db7e20004a8efd97edf7ccfbae92d66f42ca1d99ec8f7ef71e0131a96839

  • SHA512

    2c8569f36ec8a11c6e94f4ea7d87a1da75d260e12d9f73f8e70918cd09c9e4fde80f6072069d07e657fe6e758cf815d0e707195c88f6b8ed81c82bceb5e1b269

Malware Config

Extracted

  • Language

    ps1

  • Source URLs (exe.dropper)


Extracted

  • Family

    emotet

  • Botnet

    Epoch1

  • C2


  • rsa_pubkey.plain

Targets

    • Target

      ecc9db7e20004a8efd97edf7ccfbae92d66f42ca1d99ec8f7ef71e0131a96839


    Score
    10/10
    • Emotet

      Emotet is a trojan that is primarily spread through spam emails

    • Process spawned unexpected child process

    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    Query Registry                  2   T1012
    System Information Discovery    2   T1082

Tasks