Analysis

  • max time kernel
    112s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    13-07-2020 08:05

General

  • Target

    Emotet (1).bin.exe

  • Size

    108KB

  • MD5

    fcac43fac9c9ac9f936046a9e769c6f1

  • SHA1

    225603e68e45012fa04b3ba0087702b8f220abe7

  • SHA256

    11289a622930f7cf2208df85f56e5c3c663a709327ca9a2dd88c2ff13b411ba3

  • SHA512

    bb003ab9bfb046a0b2866360cd3501bae1a693530573fa52918e368d6d61db4da7d5e88e7317953d13a5fc08185f08f59629de370b3ba8633130cb5454390e8f

Score
10/10

Malware Config

Extracted

Family

emotet

C2

rsa_pubkey.plain

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Emotet (1).bin.exe
    "C:\Users\Admin\AppData\Local\Temp\Emotet (1).bin.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2044

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2044-0-0x0000000000710000-0x000000000071E000-memory.dmp
    Filesize

    56KB

  • memory/2044-1-0x0000000000720000-0x000000000072C000-memory.dmp
    Filesize

    48KB