General

  • Target

    53543c4e067429ef1855f883b1a455450c4e4215484bc18c8f1a43b10cdd1829

  • Size

    668KB

  • Sample

    200729-f1kwngvgg2

  • MD5

    15f3862532be14973079209b608f73ce

  • SHA1

    20a8e5775c7fd07fc8274e306066f3a9a4318002

  • SHA256

    53543c4e067429ef1855f883b1a455450c4e4215484bc18c8f1a43b10cdd1829

  • SHA512

    f9f82b088b7ae2916c1dad262da7f12b0cb247fbd25ce1f6c9bb43689cc808fc4cfd7099a9a5ed8a6ffb93c2b91195a5db69f86706c4ad76edfec73dad28cf80

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

76.27.179.47:80

212.51.142.238:8080

189.212.199.126:443

61.19.246.238:443

162.154.38.103:80

91.211.88.52:7080

83.110.223.58:443

124.45.106.173:443

116.203.32.252:8080

109.117.53.230:443

5.196.74.210:8080

75.139.38.211:80

168.235.67.138:7080

176.111.60.55:8080

169.239.182.217:8080

74.208.45.104:8080

31.31.77.83:443

222.214.218.37:4143

37.139.21.175:8080

91.205.215.66:443

rsa_pubkey.plain

-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANQOcBKvh5xEW7VcJ9totsjdBwuAclxS
Q0e09fk8V053lktpW3TRrzAW63yt6j1KWnyxMrU3igFXypBoI4lVNmkje4UPtIIS
fkzjEIvG1v/ZNn1k0J0PfFTxbFFeUEs3AwIDAQAB
-----END PUBLIC KEY-----
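The extracted config above is the part of this report an analyst actually consumes: the C2 list becomes network indicators, and the embedded RSA public key is the key the bot uses to protect its session key towards the controllers (Emotet was widely documented to embed a 768-bit RSA key for this in 2020). The script below is an added example, not the sandbox's or the report's own code: it embeds the C2 list and PEM exactly as extracted, walks the SubjectPublicKeyInfo DER with the standard library to confirm the key is rsaEncryption with a 768-bit modulus and e=65537, emits one Suricata egress rule per C2 pair, and runs the C2 set over a few constructed connection-log lines. The log format ("src -> dst"), the sample log lines and the SID range 9000001+ are assumptions for the example.

```python
"""Added example: parse this report's extracted Emotet Epoch2 config and use it."""
import base64
import ipaddress
import re

# C2 list exactly as extracted on this page (Emotet Epoch2).
C2_RAW = """\
76.27.179.47:80
212.51.142.238:8080
189.212.199.126:443
61.19.246.238:443
162.154.38.103:80
91.211.88.52:7080
83.110.223.58:443
124.45.106.173:443
116.203.32.252:8080
109.117.53.230:443
5.196.74.210:8080
75.139.38.211:80
168.235.67.138:7080
176.111.60.55:8080
169.239.182.217:8080
74.208.45.104:8080
31.31.77.83:443
222.214.218.37:4143
37.139.21.175:8080
91.205.215.66:443
"""

# rsa_pubkey.plain exactly as extracted on this page.
RSA_PUBKEY_PEM = """-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANQOcBKvh5xEW7VcJ9totsjdBwuAclxS
Q0e09fk8V053lktpW3TRrzAW63yt6j1KWnyxMrU3igFXypBoI4lVNmkje4UPtIIS
fkzjEIvG1v/ZNn1k0J0PfFTxbFFeUEs3AwIDAQAB
-----END PUBLIC KEY-----"""

SAMPLE_MD5 = "15f3862532be14973079209b608f73ce"  # sample MD5 from the report, used as rule reference
RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1


def parse_c2_list(text):
    """Return [(ip, port), ...]; ipaddress/int raise on anything malformed."""
    c2s = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        host, _, port = line.rpartition(":")
        c2s.append((str(ipaddress.ip_address(host)), int(port)))
    return c2s


def _der_read(buf, pos):
    """Read one DER TLV at pos -> (tag, value, next_pos); handles long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_rsa_pubkey(pem):
    """Walk SubjectPublicKeyInfo -> RSAPublicKey; return (modulus_bits, exponent)."""
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    tag, spki, _ = _der_read(base64.b64decode(b64), 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    _, alg, pos = _der_read(spki, 0)              # AlgorithmIdentifier
    _, oid, _ = _der_read(alg, 0)
    if oid != RSA_ENCRYPTION_OID:
        raise ValueError("not an rsaEncryption key")
    tag, bitstr, _ = _der_read(spki, pos)        # BIT STRING; first byte = unused bits
    if tag != 0x03 or bitstr[0] != 0:
        raise ValueError("unexpected subjectPublicKey encoding")
    _, rsakey, _ = _der_read(bitstr, 1)          # RSAPublicKey SEQUENCE
    _, n_bytes, pos = _der_read(rsakey, 0)       # INTEGER modulus
    _, e_bytes, _ = _der_read(rsakey, pos)       # INTEGER publicExponent
    return int.from_bytes(n_bytes, "big").bit_length(), int.from_bytes(e_bytes, "big")


def suricata_rules(c2s, sid_base=9000001):
    """One egress rule per C2 pair; sid_base is an assumed local SID range."""
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"Emotet Epoch2 C2 {ip}:{port}"; flow:to_server; '
        f'reference:md5,{SAMPLE_MD5}; sid:{sid_base + i}; rev:1;)'
        for i, (ip, port) in enumerate(c2s)
    ]


# Constructed connection-log lines (not from the report), "src -> dst" shape.
SAMPLE_LOG = """\
2020-07-29T10:14:02Z 10.0.0.12:49812 -> 212.51.142.238:8080 TCP
2020-07-29T10:14:05Z 10.0.0.12:49813 -> 142.250.74.78:443 TCP
2020-07-29T10:14:09Z 10.0.0.12:49814 -> 91.211.88.52:7080 TCP
2020-07-29T10:14:12Z 10.0.0.12:49815 -> 76.27.179.47:8080 TCP
"""
LOG_DST_RE = re.compile(r"-> (\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def match_log(log_text, c2s):
    """Split hits into exact ip:port matches and ip-only matches (port differs)."""
    pairs, ips = set(c2s), {ip for ip, _ in c2s}
    exact, ip_only = [], []
    for line in log_text.splitlines():
        m = LOG_DST_RE.search(line)
        if not m:
            continue
        ip, port = m.group(1), int(m.group(2))
        if (ip, port) in pairs:
            exact.append(line)
        elif ip in ips:
            ip_only.append(line)
    return exact, ip_only
```

Running `parse_rsa_pubkey(RSA_PUBKEY_PEM)` on the key above yields (768, 65537). `match_log` deliberately reports ip-only hits separately: the config pins a port per C2, but a hit on a listed address over another port is still worth triage rather than a silent miss, since most of these addresses are compromised hosts that get reused and rotated across epochs.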

Targets

    • Target

      53543c4e067429ef1855f883b1a455450c4e4215484bc18c8f1a43b10cdd1829

    • Size

      668KB

    • MD5

      15f3862532be14973079209b608f73ce

    • SHA1

      20a8e5775c7fd07fc8274e306066f3a9a4318002

    • SHA256

      53543c4e067429ef1855f883b1a455450c4e4215484bc18c8f1a43b10cdd1829

    • SHA512

      f9f82b088b7ae2916c1dad262da7f12b0cb247fbd25ce1f6c9bb43689cc808fc4cfd7099a9a5ed8a6ffb93c2b91195a5db69f86706c4ad76edfec73dad28cf80

    Score
    10/10
    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet Payload

      Detects Emotet payload in memory.

    • Executes dropped EXE

    • Drops file in System32 directory
