Analysis

  • max time kernel
    10s
  • max time network
    23s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    31-07-2020 19:00

General

  • Target

    24c42c482d7ce8f92a1e408567b7d3008a54e08e31b5472ac1b05bb34a9ccde3.exe

  • Size

    372KB

  • MD5

    af27148f5fa310913513f86e7dc25fdc

  • SHA1

    f7df4c85a1c3308d973b373d54585260fdef7094

  • SHA256

    24c42c482d7ce8f92a1e408567b7d3008a54e08e31b5472ac1b05bb34a9ccde3

  • SHA512

    cd935dee5ce9c1e570078b9ca131d1767d99623ad2b31b2b8a583f3111e49174cfaf7a39bbb0d6615bdf2ff1134d24cb945292221c28dbb0d4740f0bbc9ccadd

Score
10/10

Malware Config

Extracted

Family

emotet

C2

(list of 20 C2 IP:port pairs omitted)

rsa_pubkey.plain

-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOZ9fLJ8UrI0OZURpPsR3eijAyfPj3z6
uS75f2igmYFW2aWgNcFIzsAYQleKzD0nlCFHOo7Zf8/4wY2UW0CJ4dJEHnE/PHlz
6uNk3pxjm7o4eCDyiJbzf+k0Azjl0q54FQIDAQAB
-----END PUBLIC KEY-----

Signatures

  • Emotet Payload 2 IoCs

    Detects Emotet payload in memory.

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24c42c482d7ce8f92a1e408567b7d3008a54e08e31b5472ac1b05bb34a9ccde3.exe
    "C:\Users\Admin\AppData\Local\Temp\24c42c482d7ce8f92a1e408567b7d3008a54e08e31b5472ac1b05bb34a9ccde3.exe"
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: EnumeratesProcesses
    PID: 1636

Network

  • 73.116.193.136:80
    24c42c482d7ce8f92a1e408567b7d3008a54e08e31b5472ac1b05bb34a9ccde3.exe
    156 B
    3
  No further results found

MITRE ATT&CK Matrix


Downloads

  • memory/1636-0-0x00000000005D0000-0x00000000005DC000-memory.dmp

    Filesize

    48KB
