General

  • Target

    77a0a8de225a0e6c5933bbf470c5ddc67e19d5ded59985a1e7a1b2316241ccab

  • Size

    254KB

  • Sample

    200117-b5sehdw9fs

  • MD5

    720d76718eb18c6a9db75202d6648626

  • SHA1

    faeded627b773f0c34a89ecdbf9c39b4db460579

  • SHA256

    77a0a8de225a0e6c5933bbf470c5ddc67e19d5ded59985a1e7a1b2316241ccab

  • SHA512

    24b0f13cd754782e264b7461ef38dbb45cb20d97d44327a7dfac13cda58ff8f9ea310268799abd8ac4901f1c860058cbac3abd9fe9009694979d8dddecbdb4b6

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://kiziltepeakyuzrehabilitasyon.com/wp-includes/69n2/

exe.dropper

http://sitesetup.cindydonovan.com/wp-admin/81ynglg/

exe.dropper

https://jaberevents.com/y48h/

exe.dropper

https://shopdinhviviettel.com/wp-content/pwhm6p/

exe.dropper

https://marshalgroup.org/wp-content/uploads/dh1/

Extracted

Family

emotet

Botnet

Epoch2

C2

100.6.23.40:80

200.71.200.4:443

190.114.244.182:443

91.250.96.22:8080

37.187.72.193:8080

104.131.44.150:8080

167.71.10.37:8080

110.36.217.66:8080

206.81.10.215:8080

93.147.141.5:443

60.250.78.22:443

92.222.216.44:8080

95.213.236.64:8080

27.109.153.201:8090

66.7.242.50:8080

5.196.74.210:8080

181.143.126.170:80

209.97.168.52:8080

206.189.112.148:8080

64.53.242.181:8080

rsa_pubkey.plain

Targets

    • Target

      77a0a8de225a0e6c5933bbf470c5ddc67e19d5ded59985a1e7a1b2316241ccab

    • Size

      254KB

    • MD5

      720d76718eb18c6a9db75202d6648626

    • SHA1

      faeded627b773f0c34a89ecdbf9c39b4db460579

    • SHA256

      77a0a8de225a0e6c5933bbf470c5ddc67e19d5ded59985a1e7a1b2316241ccab

    • SHA512

      24b0f13cd754782e264b7461ef38dbb45cb20d97d44327a7dfac13cda58ff8f9ea310268799abd8ac4901f1c860058cbac3abd9fe9009694979d8dddecbdb4b6

    Score
    10/10
    • Emotet

      Emotet is a trojan that is primarily spread through spam emails

    • Process spawned unexpected child process

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks