General

  • Target

    emotet_exe_e1_b2443a21581742d4382bb92eb63471018a5005084171023d4970a3615786702b_2020-11-17__185039.exe

  • Size

    202KB

  • Sample

    201117-syn55wywg2

  • MD5

    324b6e7341c5936849cfbcd6770f802b

  • SHA1

    5fce250bc7c17312bf4bade4dd8007b565ad6d80

  • SHA256

    b2443a21581742d4382bb92eb63471018a5005084171023d4970a3615786702b

  • SHA512

    a0d6ae9f7b8fa8aed6a39bbd37b2dd3d0108496e038043f843fed5997a7e47c1be22bef9f044c6fdbd7ac29a14c8daee0e357e376e28a7761233f412340bfa88

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

rsa_pubkey.plain

Targets

    • Target

      emotet_exe_e1_b2443a21581742d4382bb92eb63471018a5005084171023d4970a3615786702b_2020-11-17__185039.exe

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

MITRE ATT&CK Matrix

Tasks