Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
17-11-2020 18:51
General
-
Target
emotet_exe_e1_b2443a21581742d4382bb92eb63471018a5005084171023d4970a3615786702b_2020-11-17__185039.exe
-
Size
202KB
-
MD5
324b6e7341c5936849cfbcd6770f802b
-
SHA1
5fce250bc7c17312bf4bade4dd8007b565ad6d80
-
SHA256
b2443a21581742d4382bb92eb63471018a5005084171023d4970a3615786702b
-
SHA512
a0d6ae9f7b8fa8aed6a39bbd37b2dd3d0108496e038043f843fed5997a7e47c1be22bef9f044c6fdbd7ac29a14c8daee0e357e376e28a7761233f412340bfa88
Malware Config
Extracted
emotet
Epoch1
71.197.211.156:80
91.121.54.71:8080
209.236.123.42:8080
89.32.150.160:8080
68.183.190.199:8080
45.161.242.102:80
217.199.160.224:7080
73.116.193.136:80
190.163.31.26:80
68.183.170.114:8080
207.144.103.227:80
114.109.179.60:80
178.148.55.236:8080
188.135.15.49:80
72.47.248.48:7080
83.169.21.32:7080
24.135.198.218:80
212.174.55.22:443
174.100.27.229:80
192.241.143.52:8080
Signatures
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_b2443a21581742d4382bb92eb63471018a5005084171023d4970a3615786702b_2020-11-17__185039.exe"C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_b2443a21581742d4382bb92eb63471018a5005084171023d4970a3615786702b_2020-11-17__185039.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3160-0-0x0000000000440000-0x000000000044C000-memory.dmpFilesize
48KB