Analysis
- max time kernel: 130s
- max time network: 144s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 17-11-2020 15:12
- Static task: static1
- Behavioral task: behavioral1
- Sample: a47bca92dbf3ef4d04a855a6fc4738d5.exe
- Resource: win7v20201028
General
- Target: a47bca92dbf3ef4d04a855a6fc4738d5.exe
- Size: 431KB
- MD5: a3861627819c1f96cb49d744f29fa133
- SHA1: f2a9e814df080f939b49b332106ee528b0bf874c
- SHA256: cf6b9926592640d4b57cc72612a16a8a9247b9097f9f559db40e8d26e8688361
- SHA512: 08b8618aef12ecc7a6eb2c5d4b467941ea8226247172cd92ec55be1f966c78f867eb110c112a35b39c6d8b76efcd415e5aeb0128a64971c5f30413efa696af9b
Malware Config
- Extracted family: emotet
- Botnet: Epoch2
- Extracted C2 configuration: list of IP:port addresses
Signatures
- Emotet Payload (2 IoCs): Detects Emotet payload in memory.
  Processes (resource / yara_rule):
  behavioral2/memory/3304-0-0x0000000002140000-0x000000000215A000-memory.dmp / emotet
  behavioral2/memory/3304-1-0x0000000002160000-0x0000000002179000-memory.dmp / emotet
- Suspicious behavior: EnumeratesProcesses (20 IoCs)
  Processes (pid / process):
  3304 / a47bca92dbf3ef4d04a855a6fc4738d5.exe (the same entry is listed 20 times, once per IoC)
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes (pid / process):
  3304 / a47bca92dbf3ef4d04a855a6fc4738d5.exe