General

  • Target

    emotet_exe_e1_9fdbc4bc8a16975aaa693365507e28cfcc5f06b3c83c5e71f66ee7df49967f17_2020-11-17__181843._exe

  • Size

    368KB

  • Sample

    201117-h4g3mhg93j

  • MD5

    eba00b1db717c30cbe6ac601a33e1e77

  • SHA1

    455298452dad5ef0601600373dd618819d6a08ef

  • SHA256

    9fdbc4bc8a16975aaa693365507e28cfcc5f06b3c83c5e71f66ee7df49967f17

  • SHA512

    3002f83e16033db7f8a90e5a2c75024e7162bb200d33816295abf19ffb695dfbdf7b849a62c5137444204ed9606c7b6e7e0b5933399b9fa62048fa4b2ccd6c52

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2


rsa_pubkey.plain

Targets


    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet Payload

      Detects Emotet payload in memory.

MITRE ATT&CK Matrix

Tasks